Differences
This shows you the differences between two versions of the page.
linux:grsec [2006/02/19 20:04] 193.77.56.193 created document |
linux:grsec [2006/04/17 16:12] a more |
||
---|---|---|---|
Line 12: | Line 12: | ||
* Every security alert or audit contains the IP address of the person that caused the event | * Every security alert or audit contains the IP address of the person that caused the event | ||
- | taked from GrSecHomepage :) | + | taken from GrSecHomepage :) |
==== Links ==== | ==== Links ==== | ||
* [[http:// | * [[http:// | ||
Line 29: | Line 30: | ||
===== Configuration ===== | ===== Configuration ===== | ||
+ | |||
+ | putting all Grsec sysctl options into sysctl.conf | ||
+ | |||
+ | sysctl -a |grep grsec >> / | ||
+ | |||
==== sysctl ==== | ==== sysctl ==== | ||
+ | |||
+ | kernel.grsecurity.destroy_unused_shm = 1 | ||
+ | kernel.grsecurity.chroot_findtask = 1 | ||
+ | kernel.grsecurity.dmesg = 0 | ||
+ | kernel.grsecurity.audit_ipc = 1 | ||
+ | kernel.grsecurity.audit_mount = 0 | ||
+ | kernel.grsecurity.audit_chdir = 0 | ||
+ | kernel.grsecurity.audit_gid = 33 | ||
+ | kernel.grsecurity.audit_group = 1 | ||
+ | kernel.grsecurity.rand_tcp_src_ports = 1 | ||
+ | kernel.grsecurity.rand_pids = 1 | ||
+ | kernel.grsecurity.tpe_restrict_all = 0 | ||
+ | kernel.grsecurity.tpe_gid = 0 | ||
+ | kernel.grsecurity.tpe = 0 | ||
+ | kernel.grsecurity.chroot_deny_sysctl = 1 | ||
+ | kernel.grsecurity.chroot_caps = 1 | ||
+ | kernel.grsecurity.chroot_execlog = 1 | ||
+ | kernel.grsecurity.chroot_restrict_nice = 1 | ||
+ | kernel.grsecurity.chroot_deny_mknod = 1 | ||
+ | kernel.grsecurity.chroot_deny_chmod = 1 | ||
+ | kernel.grsecurity.chroot_enforce_chdir = 1 | ||
+ | kernel.grsecurity.chroot_deny_pivot = 1 | ||
+ | kernel.grsecurity.chroot_deny_chroot = 1 | ||
+ | kernel.grsecurity.chroot_deny_fchdir = 1 | ||
+ | kernel.grsecurity.chroot_deny_mount = 1 | ||
+ | kernel.grsecurity.chroot_deny_unix = 1 | ||
+ | kernel.grsecurity.chroot_deny_shmat = 1 | ||
+ | kernel.grsecurity.timechange_logging = 1 | ||
+ | kernel.grsecurity.forkfail_logging = 1 | ||
+ | kernel.grsecurity.signal_logging = 1 | ||
+ | kernel.grsecurity.exec_logging = 0 | ||
+ | kernel.grsecurity.execve_limiting = 1 | ||
+ | kernel.grsecurity.fifo_restrictions = 1 | ||
+ | kernel.grsecurity.linking_restrictions = 1 | ||
+ | kernel.pax.softmode = 1 | ||
+ | kernel.grsecurity.grsec_lock = 0 | ||
+ | |||
+ | ==== PaX ==== | ||
==== gdadm ==== | ==== gdadm ==== | ||
TODO | TODO |
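Review bot: The sysctl block added under "==== sysctl ====" is a dump of one host's running values, and two of them should not be copied as a baseline: `kernel.pax.softmode = 1` puts PaX in soft mode, where its protections apply only to binaries explicitly marked for them, and `kernel.grsecurity.grsec_lock = 0` leaves every grsecurity sysctl changeable by root at runtime. For an enforcing setup the page should show `kernel.pax.softmode = 0` and end the list with `kernel.grsecurity.grsec_lock = 1`, keeping the lock as the last entry because no grsecurity sysctl can be changed once it is set. The capture command `sysctl -a |grep grsec` would not match the `kernel.pax.softmode` line that appears in the listing, so the pattern should cover both, e.g. `grep -E 'grsec|pax'`; it also appends with `>>`, so running it twice duplicates every entry. `tpe = 0` and `dmesg = 0` likewise leave Trusted Path Execution and the dmesg restriction switched off, which deserves a sentence on the page.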