Linux kernel security tunables everyone should consider adopting

What's this blog post about?

The Linux kernel is central to many modern production systems: it manages memory, mediates access to hardware, and enforces security policies. This post discusses the Linux kernel security configurations used at Cloudflare to prevent or minimize potential system compromises. These include Secure Boot, restricted kernel pointers, Kernel Address Space Layout Randomization (KASLR), disabling kexec_load(), and the Lockdown LSM. Using these features helps ensure the integrity and security of Linux systems.

Company
Cloudflare

Date published
March 6, 2024

Author(s)
Ignat Korchagin

Word count
3454

Hacker News points
9

Language
English


By Matt Makai. 2021-2024.