Diffstat (limited to 'app-admin/grsecurity-scripts/files/sysctl.conf')
-rw-r--r--app-admin/grsecurity-scripts/files/sysctl.conf88
1 files changed, 88 insertions, 0 deletions
diff --git a/app-admin/grsecurity-scripts/files/sysctl.conf b/app-admin/grsecurity-scripts/files/sysctl.conf
new file mode 100644
index 0000000..f32a9e6
--- /dev/null
+++ b/app-admin/grsecurity-scripts/files/sysctl.conf
@@ -0,0 +1,88 @@
+#
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# Created by Wolfram Schlich <wschlich@gentoo.org>
+# Feedback is greatly appreciated!
+#
+
+##
+## GRsecurity sysctl options
+##
+
+#
+# Misc Restrictions
+#
+
+#kernel.grsecurity.execve_limiting = 1
+#kernel.grsecurity.fifo_restrictions = 1
+#kernel.grsecurity.linking_restrictions = 1
+#kernel.grsecurity.dmesg = 1
+
+#
+# Misc Protections
+#
+
+#kernel.grsecurity.destroy_unused_shm = 1
+
+#
+# Socket Restrictions
+#
+
+#kernel.grsecurity.socket_server_gid = 1002
+#kernel.grsecurity.socket_server = 1
+#kernel.grsecurity.socket_client_gid = 1003
+#kernel.grsecurity.socket_client = 1
+#kernel.grsecurity.socket_all_gid = 1004
+#kernel.grsecurity.socket_all = 1
+
+#
+# Trusted Path Execution
+#
+
+#kernel.grsecurity.tpe_gid = 1005
+#kernel.grsecurity.tpe = 1
+
+#
+# Chroot Restrictions
+#
+
+#kernel.grsecurity.chroot_findtask = 1
+#kernel.grsecurity.chroot_deny_sysctl = 1
+#kernel.grsecurity.chroot_caps = 1
+#kernel.grsecurity.chroot_execlog = 1
+#kernel.grsecurity.chroot_restrict_nice = 1
+#kernel.grsecurity.chroot_deny_mknod = 1
+#kernel.grsecurity.chroot_deny_chmod = 1
+#kernel.grsecurity.chroot_enforce_chdir = 1
+#kernel.grsecurity.chroot_deny_pivot = 1
+#kernel.grsecurity.chroot_deny_chroot = 1
+#kernel.grsecurity.chroot_deny_fchdir = 1
+#kernel.grsecurity.chroot_deny_mount = 1
+#kernel.grsecurity.chroot_deny_unix = 1
+#kernel.grsecurity.chroot_deny_shmat = 1
+
+#
+# Auditing & Logging
+#
+
+kernel.grsecurity.audit_ipc = 1
+kernel.grsecurity.audit_mount = 1
+
+kernel.grsecurity.forkfail_logging = 1
+kernel.grsecurity.resource_logging = 1
+kernel.grsecurity.signal_logging = 1
+kernel.grsecurity.timechange_logging = 1
+
+#
+# Disable the loading of modules
+#
+
+#kernel.grsecurity.disable_modules = 1
+
+#
+# Finally lock the sysctl settings
+#
+
+#kernel.grsecurity.grsec_lock = 1
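Review bot: The template enables only the audit/logging sysctls and leaves `kernel.grsecurity.grsec_lock` commented out on the last line with no explanation, so as shipped a root process can turn those logging settings back off at runtime. The comment above that entry should say the lock is one-way and order-sensitive, for example `# Once set to 1, no kernel.grsecurity.* value can be changed until reboot; keep this as the last entry.` The GIDs 1002–1005 in the socket and TPE sections look like example values, and nothing says they must match groups that exist on the host. A line such as `# Example GIDs: create the groups first and adjust these numbers` would keep an admin from applying the restrictions to an unrelated group. It would also help to note that whether `tpe_gid` names the trusted or the untrusted group depends on how TPE was configured in the kernel.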