summaryrefslogtreecommitdiffstats
path: root/security-blueprint/part-4/0_Abstract.md
diff options
context:
space:
mode:
Diffstat (limited to 'security-blueprint/part-4/0_Abstract.md')
-rw-r--r--security-blueprint/part-4/0_Abstract.md20
1 files changed, 20 insertions, 0 deletions
diff --git a/security-blueprint/part-4/0_Abstract.md b/security-blueprint/part-4/0_Abstract.md
new file mode 100644
index 0000000..edf75be
--- /dev/null
+++ b/security-blueprint/part-4/0_Abstract.md
@@ -0,0 +1,20 @@
+# Part 4 - Kernel
+
+## Abstract
+
+**System Hardening:** Best practices associated with the configuration of an
+embedded Linux based operating system. This section includes both hardening of
+the kernel itself, as well as specific configurations and patches used to
+protect against known vulnerabilities within the build and configuration of the
+root filesystem.
+
+At the Kernel level, we must ensure that no console can be launched. It could be
+used to change the behavior of the system or to have more information about it.
+Another aspect is the protection of the memory used by the Kernel.
+
+The next sub-sections contain information on various kernel configuration
+options to enhance the security in the kernel (3.10.17) and also for
+applications compiled to take advantage of these security features.
+Additionally, there are also configuration options that protect from known
+vulnerable configuration options. Here's a high level summary of various kernel
+configurations that shall be required for deployment.