post(caddy-nixos-2): hardened kernel

2020-03-29 11:33:01 +01:00 · 2020-03-29 11:33:01 +01:00 · c24692a391
parent 9f72fdef17
commit c24692a391
1 changed files with 8 additions and 0 deletions
--- a/source/_posts/caddy-nixos-part-2.md
+++ b/source/_posts/caddy-nixos-part-2.md
@ -304,3 +304,11 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
 ```

 TCP Fast Open ([TFO](https://en.wikipedia.org/wiki/Tcp_fast_open)) is enabled by default (`tcp_fastopen = 1`) for outgoing connection since 3.13. As of writing, TFO has limited server support; Caddy, Tor and I2Pd don't support it yet, so enabling it for incoming and outgoing connections (`3`) has no effect.
+
+## Hardened kernel
+
+Kernel compiled with additional security-oriented patch set. [More details](https://wiki.archlinux.org/index.php/Security#Kernel_hardening).
+
+```
+  boot.kernelPackages = pkgs.linuxPackages_hardened;
+```