rc-scripts/trunk/sysctl.conf

zbyniu cvs at pld-linux.org
Tue May 16 01:18:13 CEST 2006 

Author: zbyniu
Date: Tue May 16 01:18:10 2006
New Revision: 7408

Modified:
   rc-scripts/trunk/sysctl.conf
Log:
- grsecurity options updated


Modified: rc-scripts/trunk/sysctl.conf
==============================================================================
--- rc-scripts/trunk/sysctl.conf	(original)
+++ rc-scripts/trunk/sysctl.conf	Tue May 16 01:18:10 2006
@@ -138,35 +138,40 @@
 #
 #kernel.grsecurity.linking_restrictions = 1
 #kernel.grsecurity.fifo_restrictions = 1
-#kernel.grsecurity.secure_fds = 1
-#kernel.grsecurity.chroot_restrictions = 1
-#kernel.grsecurity.chroot_execlog = 0
+#kernel.grsecurity.destroy_unused_shm = 0
 #kernel.grsecurity.chroot_caps = 0
-#kernel.grsecurity.secure_kbmap = 0
+#kernel.grsecurity.chroot_deny_chmod = 0
+#kernel.grsecurity.chroot_deny_chroot = 1
+#kernel.grsecurity.chroot_deny_fchdir = 0
+#kernel.grsecurity.chroot_deny_mknod = 1
+#kernel.grsecurity.chroot_deny_mount = 1
+#kernel.grsecurity.chroot_deny_pivot = 1
+#kernel.grsecurity.chroot_deny_shmat = 0
+#kernel.grsecurity.chroot_deny_sysctl = 1
+#kernel.grsecurity.chroot_deny_unix = 0
+#kernel.grsecurity.chroot_enforce_chdir = 0
+#kernel.grsecurity.chroot_execlog = 0
+#kernel.grsecurity.chroot_findtask = 1
+#kernel.grsecurity.chroot_restrict_nice = 0
 
 #kernel.grsecurity.exec_logging = 0
-#kernel.grsecurity.suid_logging = 0
 #kernel.grsecurity.signal_logging = 1
 #kernel.grsecurity.forkfail_logging = 0
 #kernel.grsecurity.timechange_logging = 1
+#kernel.grsecurity.audit_chdir = 0
+#kernel.grsecurity.audit_gid = 65505
+#kernel.grsecurity.audit_group = 0
+#kernel.grsecurity.audit_ipc = 0
+#kernel.grsecurity.audit_mount = 0
 
 #kernel.grsecurity.execve_limiting = 1
-#kernel.grsecurity.fork_bomb_prot = 0
-#kernel.grsecurity.fork_bomb_gid = 65504
-#kernel.grsecurity.fork_bomb_sec = 40
-#kernel.grsecurity.fork_bomb_max = 20
-#kernel.grsecurity.tpe = 0
+#kernel.grsecurity.dmesg = 1
+#kernel.grsecurity.tpe = 1
 #kernel.grsecurity.tpe_gid = 65500
 #kernel.grsecurity.tpe_glibc = 0
 #kernel.grsecurity.tpe_restrict_all = 0
 
-#kernel.grsecurity.rand_pids = 0
-#kernel.grsecurity.rand_ip_ids = 0
-#kernel.grsecurity.rand_tcp_src_ports = 0
-#kernel.grsecurity.altered_pings = 0
-#kernel.grsecurity.rand_ttl = 0
-#kernel.grsecurity.rand_ttl_thresh = 64
-#kernel.grsecurity.rand_net = 1
+#kernel.grsecurity.rand_pids = 1
 #kernel.grsecurity.socket_all = 1
 #kernel.grsecurity.socket_all_gid = 65501
 #kernel.grsecurity.socket_client = 1
@@ -174,13 +179,8 @@
 #kernel.grsecurity.socket_server = 1
 #kernel.grsecurity.socket_server_gid = 65503
 
-#kernel.grsecurity.stealth_flags = 0
-#kernel.grsecurity.stealth_icmp = 0
-#kernel.grsecurity.stealth_igmp = 0
-#kernel.grsecurity.stealth_rst = 0
-#kernel.grsecurity.stealth_udp = 0
-
-#kernel.grsecurity.coredump = 0
+#kernel.grsecurity.disable_modules = 0
+#kernel.grsecurity.grsec_lock = 0
 
 #
 # Exec-Shield (kernel 2.6 only).

More information about the pld-cvs-commit mailing list