Kernel security controls
Control : KRNL-5677
Kernels with PAE support have additional security controls like No eXecute. When possible, it is advised to use such kernel. For other systems where it is not possible to run such kernel, this control might be hidden/ignored.
Control : KRNL-5788
This control is for systems based on Debian/Ubuntu and tests the availability of a new Linux kernel. When an update is available, it's usually a security related update or an update to fix serious flaws.
Control : KRNL-5820
Lynis tests if core dumps are enabled on the system.
Control : KRNL-5830
If this test shows up, a reboot of the system is required. Schedule down time for a reboot.
Control : KRNL-6000
By means of sysctl values we can adjust kernel related parameters. Many of them are related to hardening of the network stack, how the kernel deals with processes or files. This control is a generic test with several sysctl variables (configured by the scan profile).