disable Simultaneous multithreading (hyper-threading)
Note: This is something mostly hypervisors benefit from. Enabling it on an ordinary system has very little to no security benefits.
l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force
cat /etc/security/limits.conf
#nproc limits
* soft nproc 600
* hard nproc 1000
#disable core dumps
* hard core 0
* soft core 0
Ref.
https://wiki.archlinux.org/title/security#Simultaneous_multithreading_(hyper-threading)
https://www.cyberciti.biz/faq/disable-core-dumps-in-linux-with-systemd-sysctl/
man 8 sysctl
man 5 sysctl.conf
man 5 proc
man 1 apport-cli
# Linux/systemd man page
man 5 coredump.conf
Comments
Post a Comment