From bb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Sat, 18 Feb 2017 06:59:21 +0000
Subject: install update to crux 3.3
---
 core/conf/sysctl.conf | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
(limited to 'core/conf/sysctl.conf')
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index b74243b..b419628 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -2,7 +2,7 @@
 # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
 #
-kernel.printk = 1 4 1 7
+kernel.printk = 15 1 1 4
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
@@ -10,13 +10,13 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 # Tuen IPv6
-# net.ipv6.conf.default.router_solicitations = 0
-# net.ipv6.conf.default.accept_ra_rtr_pref = 0
-# net.ipv6.conf.default.accept_ra_pinfo = 0
-# net.ipv6.conf.default.accept_ra_defrtr = 0
-# net.ipv6.conf.default.autoconf = 0
-# net.ipv6.conf.default.dad_transmits = 0
-# net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.max_addresses = 0
 # Avoid a smurf attack
 net.ipv4.icmp_echo_ignore_broadcasts = 1
@@ -98,5 +98,16 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
-# End of file
+# Grsecurity stuff
+
+# cant chroot to outside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chroot = 1
+# function related to filesystems used to exploit
+kernel.grsecurity.chroot_deny_pivot = 1
+# enforce current directory to chroot
+kernel.grsecurity.chroot_enforce_chdir = 1
+# cant chmod inside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chmod = 0
+
+# End of file
-- 
cgit 1.4.1-2-gfad0
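Review bot: In the first hunk, `kernel.printk = 15 1 1 4` raises the first field (console_loglevel) from 1 to 15, which is above the highest defined message level (7), so every kernel message including debug output now goes to the console. In a hardening-oriented sysctl.conf that is a step in the opposite direction from the old value and carries no explanation. The second field (default_message_loglevel) also drops from 4 to 1, which looks like the values may have been reordered by mistake. If the verbose console is intended, add a comment above the line such as `# console_loglevel 15: print all kernel messages, including debug, to the console`; otherwise keep the first field at 4 or lower.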
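Review bot: `net.ipv6.conf.default.max_addresses = 0` in the second hunk does not mean "no addresses": per the kernel's ip-sysctl documentation, zero removes the limit on autoconfigured addresses per interface, and the documentation advises against it. For a hardening block the line should read `net.ipv6.conf.default.max_addresses = 1`. All seven keys are also set only under `default`, which applies to interfaces created afterwards, so an interface that already exists when the file is loaded keeps its own values. Because the context lines above the hunk set `disable_ipv6 = 1`, this block only takes effect if IPv6 is re-enabled later, which is worth a comment next to the `# Tuen IPv6` heading.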
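Review bot: In the last hunk the comment above `kernel.grsecurity.chroot_deny_chmod` describes the protection (`cant chmod inside chroot used to break chroot`) but the value is `0`, so this restriction is switched off while the three entries above it are on. Either set `kernel.grsecurity.chroot_deny_chmod = 1`, or, if it is disabled on purpose, make the comment say so, e.g. `# chmod restriction inside chroot left disabled: <reason>`. The block also never sets `kernel.grsecurity.grsec_lock = 1`, so these values presumably remain changeable by root at runtime; if locking is wanted it has to be the last grsecurity entry applied.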