Diffstat (limited to 'kernels/linux-libre-grsec/sysctl.conf')
-rw-r--r--kernels/linux-libre-grsec/sysctl.conf103
1 files changed, 0 insertions, 103 deletions
diff --git a/kernels/linux-libre-grsec/sysctl.conf b/kernels/linux-libre-grsec/sysctl.conf
deleted file mode 100644
index 5c70de4a2..000000000
--- a/kernels/linux-libre-grsec/sysctl.conf
+++ /dev/null
@@ -1,103 +0,0 @@
-#
-# Notes
-#
-# disable_priv_io: Useless if grsec_lock is not activated.
-# symlinkown_gid: Group http.
-# romount_protect: Deny rw mounts after boot.
-# audit_group: Restrict exec/chdir log to group.
-# exec_logging: Verbose!
-# chroot_execlog: Verbose!
-# audit_chdir: Verbose!
-# dmesg: Restrict dmesg to root.
-# tpe_gid: Group tpe-trusted.
-# socket_all_gid: Group socket-deny-all.
-# socket_client_gid: Group socket-deny-client.
-# socket_server_gid: Group socket-deny-server.
-# deny_new_usb: No new USB after boot.
-
-
-#
-# Memory Protections
-#
-
-#kernel.grsecurity.disable_priv_io = 1
-#kernel.grsecurity.deter_bruteforce = 1
-
-#
-# Filesystem Protections
-#
-
-#kernel.grsecurity.linking_restrictions = 1
-#kernel.grsecurity.enforce_symlinksifowner = 1
-#kernel.grsecurity.symlinkown_gid = 33
-#kernel.grsecurity.fifo_restrictions = 1
-#kernel.grsecurity.romount_protect = 0
-#kernel.grsecurity.chroot_caps = 1
-#kernel.grsecurity.chroot_deny_chmod = 1
-#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 1
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 1
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 1
-#kernel.grsecurity.chroot_enforce_chdir = 1
-#kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 1
-
-#
-# Kernel Auditing
-#
-
-kernel.grsecurity.audit_group = 0
-#kernel.grsecurity.audit_gid = 9994
-kernel.grsecurity.exec_logging = 0
-#kernel.grsecurity.resource_logging = 1
-kernel.grsecurity.chroot_execlog = 0
-#kernel.grsecurity.audit_ptrace = 1
-kernel.grsecurity.audit_chdir = 0
-#kernel.grsecurity.audit_mount = 1
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 1
-#kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.rwxmap_logging = 1
-
-#
-# Executable Protections
-#
-
-#kernel.grsecurity.dmesg = 1
-#kernel.grsecurity.harden_ptrace = 1
-#kernel.grsecurity.ptrace_readexec = 1
-#kernel.grsecurity.consistent_setxid = 1
-#kernel.grsecurity.harden_ipc = 1
-#kernel.grsecurity.tpe = 1
-#kernel.grsecurity.tpe_gid = 9999
-#kernel.grsecurity.tpe_invert = 1
-#kernel.grsecurity.tpe_restrict_all = 1
-
-#
-# Network Protections
-#
-
-#kernel.grsecurity.ip_blackhole = 1
-#kernel.grsecurity.lastack_retries = 4
-#kernel.grsecurity.socket_all = 1
-#kernel.grsecurity.socket_all_gid = 9995
-#kernel.grsecurity.socket_client = 1
-#kernel.grsecurity.socket_client_gid = 9996
-#kernel.grsecurity.socket_server = 1
-#kernel.grsecurity.socket_server_gid = 9997
-
-#
-# Physical Protections
-#
-
-#kernel.grsecurity.deny_new_usb = 0
-
-#
-# Restrict grsec sysctl changes after this was set
-#
-
-kernel.grsecurity.grsec_lock = 1