1. photon
  2. SPECS
  3. systemd
  4. 50-security-hardening.conf
Raw Blame History 
#Enabling the strongest form of native Linux Address Space Layout Randomization (ASLR).
kernel.randomize_va_space=2
#Restrict revealing kernel addresses
kernel.kptr_restrict=2
#Preventing non-root users from viewing the kernel ring buffer.
kernel.dmesg_restrict = 1
# To avoid potential information disclosure
net.ipv4.tcp_timestamps = 0
# disabling an unused feature 
kernel.sysrq=0