dev.tty.ldisc_autoload=0
kernel.dmesg_restrict=1
kernel.kexec_load_disabled=1
kernel.kptr_restrict=2
kernel.perf_event_paranoid=3
kernel.sysrq=4
kernel.unprivileged_bpf_disabled=1
kernel.unprivileged_userns_clone=0
kernel.yama.ptrace_scope=2
net.core.bpf_jit_harden=2
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_syncookies=1
vm.unprivileged_userfaultfd=0


Changelog:
29/11/2025
- Initial commit
- Source : 
	- Madaidan; applied only the sysctl parts (more coming soon) and sorted them out 
	https://madaidans-insecurities.github.io/guides/linux-hardening.html
	-