authorSilvino Silva <silvino@bk.ru>2017-02-18 06:59:21 +0000
committerSilvino Silva <silvino@bk.ru>2017-02-18 06:59:21 +0000
commitbb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9 (patch)
treecb88b7d25e1cc8b4a727443bad339ef2692de542 /core/conf/sysctl.conf
parentd11608eafc201f6fc5e6fad86eb76908f489deda (diff)
downloaddoc-bb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9.tar.gz
install update to crux 3.3
Diffstat (limited to 'core/conf/sysctl.conf')
-rw-r--r--core/conf/sysctl.conf29
1 files changed, 20 insertions, 9 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index b74243b..b419628 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -2,7 +2,7 @@
 # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
 #
 
-kernel.printk = 1 4 1 7
+kernel.printk = 15 1 1 4
 
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
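Review bot: The new `kernel.printk = 15 1 1 4` line carries no comment explaining its four fields, and the first field (console log level) is now above the highest message priority, 7, so every kernel message, including debug output, is written to the console. On a hardened host that can put kernel detail on a console visible to people who could not otherwise read the kernel log. The second field, set to 1, makes messages logged without an explicit level count as alerts, which looks unintended. If the verbosity is wanted for the install, I would document it with `# console_loglevel default_message_loglevel minimum_console_loglevel default_console_loglevel` and the reason; otherwise lower the first value.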
@@ -10,13 +10,13 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 
 # Tuen IPv6
-# net.ipv6.conf.default.router_solicitations = 0
-# net.ipv6.conf.default.accept_ra_rtr_pref = 0
-# net.ipv6.conf.default.accept_ra_pinfo = 0
-# net.ipv6.conf.default.accept_ra_defrtr = 0
-# net.ipv6.conf.default.autoconf = 0
-# net.ipv6.conf.default.dad_transmits = 0
-# net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.max_addresses = 0
 
 # Avoid a smurf attack
 net.ipv4.icmp_echo_ignore_broadcasts = 1
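Review bot: `net.ipv6.conf.default.max_addresses = 0` does not mean "no addresses": in the kernel's ip-sysctl documentation zero disables the limit on autoconfigured addresses per interface, and the same text advises against it. `net.ipv6.conf.default.max_addresses = 1` is the usual restrictive value. The newly enabled keys are also all under `default`, which applies only to interfaces created after the file is loaded, so existing interfaces keep their router-advertisement settings. No `accept_ra = 0` is visible in this hunk, though it may be set elsewhere in the file. Since IPv6 is disabled above, this is defence in depth, but it matters the moment IPv6 is re-enabled, and the context comment `# Tuen IPv6` should read `# Tune IPv6`.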
@@ -98,5 +98,16 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
-# End of file
+# Grsecurity stuff
+
+# cant chroot to outside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chroot    = 1
+# function related to filesystems used to exploit
+kernel.grsecurity.chroot_deny_pivot     = 1
+# enforce current directory to chroot
+kernel.grsecurity.chroot_enforce_chdir  = 1
+# cant chmod inside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chmod     = 0
 
+
+# End of file
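Review bot: `kernel.grsecurity.chroot_deny_chmod = 0` contradicts the comment above it, because 0 leaves the restriction off while the other three chroot keys are set to 1. Either set it to 1 or change the comment to say why it is deliberately disabled, e.g. `# chmod +s inside chroot left allowed: <reason>`. Nothing in this hunk sets `kernel.grsecurity.grsec_lock = 1`, so unless it is set elsewhere root can switch these protections off again at runtime; it belongs last, after all other grsecurity keys. These keys exist only on a grsecurity kernel built with sysctl support, so a header comment noting that would explain the unknown-key errors seen on a stock kernel.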