[projects/rc-scripts] Drop grsecurity sysctl knobs
baggins
baggins at pld-linux.org
Sat Oct 21 11:02:35 CEST 2023
commit b8adb71fbeabf8890720ab44bb43dfb6bc68e3b7
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Sat Oct 21 10:58:11 2023 +0200
Drop grsecurity sysctl knobs
sysctl.conf | 52 ----------------------------------------------------
1 file changed, 52 deletions(-)
---
diff --git a/sysctl.conf b/sysctl.conf
index a34935ba..de26cd50 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -140,58 +140,6 @@ kernel.sysrq = 1
# 0 - never reboot system (suggested 60)
#kernel.panic = 60
-#
-# GRSECURITY http://www.grsecurity.org
-#
-# WARNING!
-# These values are SET ONCE!
-#
-#kernel.grsecurity.linking_restrictions = 1
-#kernel.grsecurity.fifo_restrictions = 1
-#kernel.grsecurity.destroy_unused_shm = 0
-#kernel.grsecurity.chroot_caps = 0
-#kernel.grsecurity.chroot_deny_chmod = 0
-#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 0
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 0
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 0
-#kernel.grsecurity.chroot_enforce_chdir = 0
-#kernel.grsecurity.chroot_execlog = 0
-#kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 0
-
-#kernel.grsecurity.exec_logging = 0
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 0
-#kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.audit_chdir = 0
-#kernel.grsecurity.audit_gid = 65505
-#kernel.grsecurity.audit_group = 0
-#kernel.grsecurity.audit_ipc = 0
-#kernel.grsecurity.audit_mount = 0
-
-#kernel.grsecurity.execve_limiting = 1
-#kernel.grsecurity.dmesg = 1
-#kernel.grsecurity.tpe = 1
-#kernel.grsecurity.tpe_gid = 65500
-#kernel.grsecurity.tpe_glibc = 0
-#kernel.grsecurity.tpe_restrict_all = 0
-
-#kernel.grsecurity.rand_pids = 1
-#kernel.grsecurity.socket_all = 1
-#kernel.grsecurity.socket_all_gid = 65501
-#kernel.grsecurity.socket_client = 1
-#kernel.grsecurity.socket_client_gid = 65502
-#kernel.grsecurity.socket_server = 1
-#kernel.grsecurity.socket_server_gid = 65503
-
-#kernel.grsecurity.disable_modules = 0
-#kernel.grsecurity.grsec_lock = 0
-
# kernel.randomize_va_space = 2
# 0 - Turn the process address space randomization off by default.
# 1 - Conservative address space randomization makes the addresses of
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/projects/rc-scripts.git/commitdiff/af38444cbbd0962c350a178b45a2cc32f94570a0
More information about the pld-cvs-commit
mailing list