Skip to content

Kernel security controls

Control : KRNL-5677

Kernels with PAE support have additional security controls like No eXecute. When possible, it is advised to use such kernel. For other systems where it is not possible to run such kernel, this control might be hidden/ignored.

Control : KRNL-5788

This control is for systems based on Debian/Ubuntu and tests the availability of a new Linux kernel. When an update is available, it's usually a security related update or an update to fix serious flaws.

Control : KRNL-5820

Lynis tests if core dumps are enabled on the system.

Control : KRNL-5830

If this test shows up, a reboot of the system is required. Schedule down time for a reboot.

Control : KRNL-6000

By means of sysctl values we can adjust kernel related parameters. Many of them are related to hardening of the network stack, how the kernel deals with processes or files. This control is a generic test with several sysctl variables (configured by the scan profile).