LinuxQuestions.org - grsecurity post-kernel configs

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - grsecurity post-kernel configs (https://www.linuxquestions.org/questions/linux-security-4/grsecurity-post-kernel-configs-31211/)

tarballedtux

09-25-2002 05:42 PM

grsecurity post-kernel configs

OK, I compiled lq3 nicely with alot of grsec stuff. Now in /proc/sys/kernel/grsecurity/ I have stuff like tpe,and audit* files. During the kernel config I selected the default GIDs is there a way to change it? Without recompiling.

About the other options, like altered pings and rand_pids. How can I tell if there working?

--tarballedtux

unSpawn

09-25-2002 06:42 PM

Excellent!
If you selected grsec to have sysctl support, yes:
either by echoing like: "echo (var) > /proc/sys/kernel/grsecurity/grsec_lock" or use a config file:
sysctl -e -p /location/sysctl.grsec.conf
If you try to vary /proc settings it comes in handy to have separate sysctl.conf's. Note if you tried the first example and echoed a "1" it would freeze grsec settings untill reboot.
Note 2 if you want to try the ACL system you need gradm from grsecurity.net.

tarballedtux

09-25-2002 07:04 PM

Hmm, what exactly do you mean. I know all I have to do is echo a non-zero value into the grsec-sysctl file. But did you mean that for the audit_* files I could echo in a GUID to activate it and specify the GUID I want to audit?

-tarballedtux

unSpawn

09-25-2002 07:30 PM

Yes, you can echo the GID into audit_gid (as for any ^*_gid), the other ^audit_* entries only hold binary values.

All times are GMT -5. The time now is 05:57 AM.