Comment # 3 on bug 1090647 from 
Possible hardenings:

- Mount flags on different partitions/subvolumes: noexec,nodev,nosuid (/tmp and
/home, etc).

- SSH options that lynis warns about (compression, Forwarding, etc.)

- sysctl values for the network stack that lynis warns about (icmp redirects,
etc.)

It may also be an idea to provide some sort of "hardened" profile, for
security-conscious people, where we can be more aggressive about defaults
without having to fear to break common use cases.

You are receiving this mail because: