Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revision Both sides next revision | ||
|
linux:grsec [2006/02/19 20:04] 193.77.56.193 created document |
linux:grsec [2006/04/17 16:12] a more |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| * Every security alert or audit contains the IP address of the person that caused the event | * Every security alert or audit contains the IP address of the person that caused the event | ||
| - | taked from GrSecHomepage :) | + | taken from GrSecHomepage :) |
| ==== Links ==== | ==== Links ==== | ||
| * [[http:// | * [[http:// | ||
| Line 29: | Line 30: | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| + | |||
| + | putting all Grsec sysctl options into sysctl.conf | ||
| + | |||
| + | sysctl -a |grep grsec >> / | ||
| + | |||
| ==== sysctl ==== | ==== sysctl ==== | ||
| + | |||
| + | kernel.grsecurity.destroy_unused_shm = 1 | ||
| + | kernel.grsecurity.chroot_findtask = 1 | ||
| + | kernel.grsecurity.dmesg = 0 | ||
| + | kernel.grsecurity.audit_ipc = 1 | ||
| + | kernel.grsecurity.audit_mount = 0 | ||
| + | kernel.grsecurity.audit_chdir = 0 | ||
| + | kernel.grsecurity.audit_gid = 33 | ||
| + | kernel.grsecurity.audit_group = 1 | ||
| + | kernel.grsecurity.rand_tcp_src_ports = 1 | ||
| + | kernel.grsecurity.rand_pids = 1 | ||
| + | kernel.grsecurity.tpe_restrict_all = 0 | ||
| + | kernel.grsecurity.tpe_gid = 0 | ||
| + | kernel.grsecurity.tpe = 0 | ||
| + | kernel.grsecurity.chroot_deny_sysctl = 1 | ||
| + | kernel.grsecurity.chroot_caps = 1 | ||
| + | kernel.grsecurity.chroot_execlog = 1 | ||
| + | kernel.grsecurity.chroot_restrict_nice = 1 | ||
| + | kernel.grsecurity.chroot_deny_mknod = 1 | ||
| + | kernel.grsecurity.chroot_deny_chmod = 1 | ||
| + | kernel.grsecurity.chroot_enforce_chdir = 1 | ||
| + | kernel.grsecurity.chroot_deny_pivot = 1 | ||
| + | kernel.grsecurity.chroot_deny_chroot = 1 | ||
| + | kernel.grsecurity.chroot_deny_fchdir = 1 | ||
| + | kernel.grsecurity.chroot_deny_mount = 1 | ||
| + | kernel.grsecurity.chroot_deny_unix = 1 | ||
| + | kernel.grsecurity.chroot_deny_shmat = 1 | ||
| + | kernel.grsecurity.timechange_logging = 1 | ||
| + | kernel.grsecurity.forkfail_logging = 1 | ||
| + | kernel.grsecurity.signal_logging = 1 | ||
| + | kernel.grsecurity.exec_logging = 0 | ||
| + | kernel.grsecurity.execve_limiting = 1 | ||
| + | kernel.grsecurity.fifo_restrictions = 1 | ||
| + | kernel.grsecurity.linking_restrictions = 1 | ||
| + | kernel.pax.softmode = 1 | ||
| + | kernel.grsecurity.grsec_lock = 0 | ||
| + | |||
| + | ==== PaX ==== | ||
| ==== gdadm ==== | ==== gdadm ==== | ||
| TODO | TODO | ||
