post(caddy-nixos-2): hardened kernel

MDLeom 2020-03-29 11:33:01 +01:00
parent 9f72fdef17
commit c24692a391
No known key found for this signature in database
GPG Key ID: 5D9DB57A25D34EE3
1 changed files with 8 additions and 0 deletions

@ -304,3 +304,11 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
```
TCP Fast Open ([TFO](https://en.wikipedia.org/wiki/Tcp_fast_open)) is enabled by default (`tcp_fastopen = 1`) for outgoing connection since 3.13. As of writing, TFO has limited server support; Caddy, Tor and I2Pd don't support it yet, so enabling it for incoming and outgoing connections (`3`) has no effect.
## Hardened kernel
Kernel compiled with additional security-oriented patch set. [More details](https://wiki.archlinux.org/index.php/Security#Kernel_hardening).
```
boot.kernelPackages = pkgs.linuxPackages_hardened;
```
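Review bot: The description line under "## Hardened kernel" is a sentence fragment and does not say which patch set `pkgs.linuxPackages_hardened` applies; the only reference is the Arch Linux wiki, although the option is a NixOS one. Suggest a full sentence that names the patch set and says what a reader gains from it, for example "This kernel is compiled with ...", and a short note that the new kernel is only in use after a rebuild and a reboot. The section also shows `boot.kernelPackages = pkgs.linuxPackages_hardened;` without saying which file it belongs in, so it would help to state that, as a reader following the post cannot tell from this section alone where to put the line.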