Movatterモバイル変換


[0]ホーム

URL:


Jump to content
WikibooksThe Free Textbook Project
Search

Grsecurity/Runtime Configuration

From Wikibooks, open books for an open world
<Grsecurity
Grsecurity
Additional UtilitiesRuntime ConfigurationTroubleshooting


The sysctl Interface

[edit |edit source]

Thesysctl command provides an interface for modifying kernel parameters at runtime. There is an option in the grsecurity kernel configuration to enable support for this interface (seeConfiguring grsecurity). In Linux,sysctl is simply a wrapper around filesystem routines that read and write contents of files in the/proc directory. This means that you can also set parameters by echoing values to files in/proc. See theAppendix for a list of all available sysctl options for grsecurity.

Usage

[edit |edit source]

Thesysctl command takes a list ofvariables orvariable=value pairs and sets or reads their value. Variable is a path to a file in/proc/sys separated by periods or forward slashes. The value depends on the parameter in question. Most of grsecurity's options are either 1 (enabled) or 0 (disabled).

Sysctl's man page is available online athttp://linux.die.net/man/8/sysctl.

Examples

[edit |edit source]

If you want to know every available runtime option for grsecurity, list the contents of/proc/sys/kernel/grsecurity.

To enable mount auditing and disable chdir auditing in a singlesysctl command, run:

# sysctl kernel.grsecurity.audit_mount=1 kernel.grsecurity.audit_chdir=0kernel.grsecurity.audit_mount = 1kernel.grsecurity.audit_chdir = 0

You can achieve the same result by echoing:

# echo 1 > /proc/sys/kernel/grsecurity/audit_mount# echo 0 > /proc/sys/kernel/grsecurity/audit_chdir
Next Page: Troubleshooting | Previous Page: Additional Utilities
Home: Grsecurity
Retrieved from "https://en.wikibooks.org/w/index.php?title=Grsecurity/Runtime_Configuration&oldid=2606743"
Category:

[8]ページ先頭

©2009-2025 Movatter.jp