From 04bf2001be9428d84c19aa5e988bd9e46ed797fa Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 21 May 2024 18:46:38 +0200 Subject: [PATCH 1/1] - PLD merge: drop grsecurity sysctl knobs --- sysctl.conf | 52 ---------------------------------------------------- 1 file changed, 52 deletions(-) diff --git a/sysctl.conf b/sysctl.conf index a34935b..de26cd5 100644 --- a/sysctl.conf +++ b/sysctl.conf @@ -140,58 +140,6 @@ kernel.sysrq = 1 # 0 - never reboot system (suggested 60) #kernel.panic = 60 -# -# GRSECURITY http://www.grsecurity.org -# -# WARNING! -# These values are SET ONCE! -# -#kernel.grsecurity.linking_restrictions = 1 -#kernel.grsecurity.fifo_restrictions = 1 -#kernel.grsecurity.destroy_unused_shm = 0 -#kernel.grsecurity.chroot_caps = 0 -#kernel.grsecurity.chroot_deny_chmod = 0 -#kernel.grsecurity.chroot_deny_chroot = 1 -#kernel.grsecurity.chroot_deny_fchdir = 0 -#kernel.grsecurity.chroot_deny_mknod = 1 -#kernel.grsecurity.chroot_deny_mount = 1 -#kernel.grsecurity.chroot_deny_pivot = 1 -#kernel.grsecurity.chroot_deny_shmat = 0 -#kernel.grsecurity.chroot_deny_sysctl = 1 -#kernel.grsecurity.chroot_deny_unix = 0 -#kernel.grsecurity.chroot_enforce_chdir = 0 -#kernel.grsecurity.chroot_execlog = 0 -#kernel.grsecurity.chroot_findtask = 1 -#kernel.grsecurity.chroot_restrict_nice = 0 - -#kernel.grsecurity.exec_logging = 0 -#kernel.grsecurity.signal_logging = 1 -#kernel.grsecurity.forkfail_logging = 0 -#kernel.grsecurity.timechange_logging = 1 -#kernel.grsecurity.audit_chdir = 0 -#kernel.grsecurity.audit_gid = 65505 -#kernel.grsecurity.audit_group = 0 -#kernel.grsecurity.audit_ipc = 0 -#kernel.grsecurity.audit_mount = 0 - -#kernel.grsecurity.execve_limiting = 1 -#kernel.grsecurity.dmesg = 1 -#kernel.grsecurity.tpe = 1 -#kernel.grsecurity.tpe_gid = 65500 -#kernel.grsecurity.tpe_glibc = 0 -#kernel.grsecurity.tpe_restrict_all = 0 - -#kernel.grsecurity.rand_pids = 1 -#kernel.grsecurity.socket_all = 1 -#kernel.grsecurity.socket_all_gid = 65501 -#kernel.grsecurity.socket_client = 1 -#kernel.grsecurity.socket_client_gid = 65502 -#kernel.grsecurity.socket_server = 1 -#kernel.grsecurity.socket_server_gid = 65503 - -#kernel.grsecurity.disable_modules = 0 -#kernel.grsecurity.grsec_lock = 0 - # kernel.randomize_va_space = 2 # 0 - Turn the process address space randomization off by default. # 1 - Conservative address space randomization makes the addresses of -- 2.46.0