Created
September 8, 2016 18:23
-
-
Save joekir/e95ed43f8269409ec9948d138243ee29 to your computer and use it in GitHub Desktop.
/etc/rc.local script to lock down some linux kernel settings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh -e | |
# | |
# rc.local | |
# | |
# This script is executed at the end of each multiuser runlevel. | |
# Make sure that the script will "exit 0" on success or any other | |
# value on error. | |
# | |
# In order to enable or disable this script just change the execution | |
# bits. | |
# | |
# By default this script does nothing. | |
# 2 minute opportunity to change settings | |
sleep 120 | |
# Disallow kernel module loading (cannot be unset until reboot) | |
echo 1 > /proc/sys/kernel/modules_disabled | |
# Disabllow live booting of kernel over existing one (cannot be unset until reboot) | |
echo 1 > /proc/sys/kernel/kexec_load_disabled | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment