# Append the PID to the core filename
kernel.core_uses_pid = 1

# Enable hard and soft link protection
fs.protected_hardlinks=1
fs.protected_symlinks=1

# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
kernel.kptr_restrict=1

# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict=1

# Block non-uid-0 kernel profiling
kernel.perf_event_paranoid=2

# Turn off kexec, even if it's built in.
kernel.kexec_load_disabled=1

# Avoid non-ancestor ptrace access to running processes and their credentials.
kernel.yama.ptrace_scope=1