In order to make local privilege escalation harder, hide kernel addresses in various /proc files against users with root (or similar) permissions, too. Common system hardening tools such as lynis recommend this. Signed-off-by: Peter Müller --- setup/sysctl/kernel-hardening.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/sysctl/kernel-hardening.conf b/setup/sysctl/kernel-hardening.conf index 6751bbef6..9bb6e9f45 100644 --- a/setup/sysctl/kernel-hardening.conf +++ b/setup/sysctl/kernel-hardening.conf @@ -1,5 +1,5 @@ # Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc). -kernel.kptr_restrict = 1 +kernel.kptr_restrict = 2 # Avoid kernel memory address exposures via dmesg. kernel.dmesg_restrict = 1 -- 2.16.4
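Review bot: The comment above `+kernel.kptr_restrict = 2` is unchanged context and no longer documents what the setting does. It still reads as a generic "keep kernel address exposures out of various /proc files", while the commit message says the point of moving from 1 to 2 is to hide those addresses from root (or similarly privileged) users as well. Please extend the comment to say that the value 2 applies to privileged users too, so the reason for choosing 2 over 1 is visible in the file itself and not only in the commit log. It would also help to note there, or in the commit message, that anything run as root that reads addresses from the /proc files the comment names (kallsyms, modules) will now see them hidden, so anyone debugging on such a system knows to lower the value temporarily.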