The GhostBSD Security Wiki should be more detailed

security_lover
Posts: 69
Joined: Thu Apr 22, 2021 9:54 am

The GhostBSD Security Wiki should be more detailed

Post by security_lover »

I have added the following lines to my /etc/sysctl.conf.

Code:

hw.kbd.keymap_restrict_change=4
kern.sugid_coredump=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.drop_redirect=1
net.inet.ip.accept_sourceroute=0
net.inet.ip.check_interface=1
net.inet.ip.forwarding=0
net.inet.ip.process_options=0
net.inet.ip.random_id=1
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.tcp.always_keepalive=0
net.inet.tcp.blackhole=2
net.inet.tcp.drop_synfin=1
net.inet.tcp.icmp_may_rst=0
net.inet.tcp.nolocaltimewait=1
net.inet.tcp.path_mtu_discovery=0
net.inet.udp.blackhole=1
net.inet6.icmp6.rediraccept=0
net.inet6.ip6.forwarding=0
net.inet6.ip6.fw.enable=1
net.inet6.ip6.redirect=0

I got the idea by reading this Wiki page >>> https://wiki.ghostbsd.org/index.php/Security
But the fact is I don't know what each of those lines actually does. So whoever wrote that wiki page must add the purpose of all of those lines.

One more thing. It's written that the following lines will change the user experience.

Code:

security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
security.bsd.see_other_gids=0
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
security.bsd.unprivileged_proc_debug=0
security.bsd.unprivileged_read_msgbuf=0

Again the same thing. What does each of these lines do & what kind of breakage can these lines cause? If I get to know that, I can decide if I am ready to cope with the change in user experience.
I am paranoid about security!
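
An added example, not part of the original post or of the GhostBSD wiki: a POSIX sh function that checks each `name=value` line of a sysctl.conf-style file against the running kernel and prints the kernel's own one-line description of each OID, using the FreeBSD `sysctl -n` and `sysctl -d` flags. The function name `audit_sysctl` and the tab-separated output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not GhostBSD project code).
# audit_sysctl FILE
#   For every name=value line in FILE, print:
#     STATUS <TAB> name <TAB> wanted <TAB> current <TAB> kernel description
#   STATUS is OK, DIFF (live value differs) or MISSING (OID unknown to
#   this kernel, e.g. the module that provides it is not loaded).
#   Returns 0 only if every setting is OK.
audit_sysctl() {
    conf=$1
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case $line in *=*) ;; *) continue ;; esac # skip blank/non-setting lines
        # Simple values only: whitespace and double quotes are stripped.
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t"')
        if cur=$(sysctl -n "$name" 2>/dev/null); then
            # -d prints the OID's description instead of its value.
            desc=$(sysctl -d -n "$name" 2>/dev/null) || desc=-
            if [ "$cur" = "$want" ]; then
                status=OK
            else
                status=DIFF
                rc=1
            fi
        else
            cur=-
            desc=-
            status=MISSING
            rc=1
        fi
        printf '%s\t%s\t%s\t%s\t%s\n' "$status" "$name" "$want" "$cur" "$desc"
    done < "$conf"
    return $rc
}

# Stand-alone use: sh audit.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    audit_sysctl "$1"
fi
```

A MISSING line means the setting in the file has no effect on the running kernel; a DIFF line means the file has not been applied yet or something changed the value afterwards.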
ericbsd
Developer
Posts: 2052
Joined: Mon Nov 19, 2012 7:54 pm

Re: The GhostBSD Security Wiki should be more detailed

Post by ericbsd »

The wiki is going away. Instead, it will move to https://github.com/ghostbsd/documentation and https://ghostbsd-documentation-portal.readthedocs.io/.

When? I have no idea because my time is limited, so do not focus on documentation.

In the meantime, don't expect the wiki to be detailed or current.