author | Silvino Silva <silvino@bk.ru> | 2017-02-18 06:59:21 +0000 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2017-02-18 06:59:21 +0000 |
commit | bb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9 (patch) | |
tree | cb88b7d25e1cc8b4a727443bad339ef2692de542 /core/conf/sysctl.conf | |
parent | d11608eafc201f6fc5e6fad86eb76908f489deda (diff) | |
download | doc-bb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9.tar.gz |
install update to crux 3.3
Diffstat (limited to 'core/conf/sysctl.conf')
-rw-r--r-- | core/conf/sysctl.conf | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index b74243b..b419628 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -2,7 +2,7 @@
 # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
 #
 
-kernel.printk = 1 4 1 7
+kernel.printk = 15 1 1 4
 
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
@@ -10,13 +10,13 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 
 # Tuen IPv6
-# net.ipv6.conf.default.router_solicitations = 0
-# net.ipv6.conf.default.accept_ra_rtr_pref = 0
-# net.ipv6.conf.default.accept_ra_pinfo = 0
-# net.ipv6.conf.default.accept_ra_defrtr = 0
-# net.ipv6.conf.default.autoconf = 0
-# net.ipv6.conf.default.dad_transmits = 0
-# net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.max_addresses = 0
 
 # Avoid a smurf attack
 net.ipv4.icmp_echo_ignore_broadcasts = 1
@@ -98,5 +98,16 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
-# End of file
+# Grsecurity stuff
+
+# cant chroot to outside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chroot = 1
+# function related to filesystems used to exploit
+kernel.grsecurity.chroot_deny_pivot = 1
+# enforce current directory to chroot
+kernel.grsecurity.chroot_enforce_chdir = 1
+# cant chmod inside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chmod = 0
+
+# End of file
 
|
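Review bot: The new `kernel.printk = 15 1 1 4` in the first hunk raises the console log level from 1 to 15, which is above the highest message level, so every kernel message including debug output is written to the console, and nothing in the file says why. The second field also changes from 4 to 1, so messages logged without an explicit level are now treated as alerts. If this was only for debugging the 3.3 install, the previous `1 4 1 7` is the safer value for a reference config; otherwise add a comment above the line such as `# console_loglevel default_message_loglevel minimum_console_loglevel default_console_loglevel` together with the reason for the verbose setting.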
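Review bot: `net.ipv6.conf.default.max_addresses = 0` in the second hunk does not restrict autoconfigured addresses; according to the kernel's ip-sysctl documentation a value of zero removes the limit, which is the opposite of what the neighbouring hardening lines intend, and `net.ipv6.conf.default.max_addresses = 1` is the usual restrictive value. The block also switches off individual router-advertisement fields but, in the visible lines, leaves the master switch untouched, so consider adding `net.ipv6.conf.default.accept_ra = 0` and the matching `net.ipv6.conf.all.accept_ra = 0`. Because `default` only applies to interfaces created after the file is loaded, these settings work as a fallback behind the `disable_ipv6` lines above rather than on their own.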
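Review bot: `kernel.grsecurity.chroot_deny_chmod = 0` at the end of the third hunk leaves that restriction switched off, although its comment describes it as a protection and the three settings before it are all set to 1. If the 0 is deliberate, for example because something inside a chroot has to set suid or sgid bits, record that in the comment (`# left disabled: <reason>`); otherwise set it to `1`. The grsecurity sysctls also stay writable by root until `kernel.grsecurity.grsec_lock = 1` is applied, and this hunk, which runs to the end of the file, does not set it, so the values can be changed back at runtime. Add that line last, after every other grsecurity entry.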