#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/files/grsecurity.rc,v 1.9 2004/07/15 00:42:30 agriffis Exp $
# Note: chpax support has been removed from this init script.
# Configure /etc/conf.d/chpax and add chpax to your default runlevel instead
# Directory holding the grsecurity sysctl entries; every write below targets it.
PROCDIR="/proc/sys/kernel/grsecurity"
# Declare service ordering for the rc system.
depend() {
	# Hard requirements: these services must be started first.
	need bootmisc localmount

	# Ordering only: run after chpax when chpax is in the runlevel.
	after chpax
}
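# Verify that the running kernel exposes the grsecurity sysctl directory.
#
# Globals:  PROCDIR (read)
# Returns:  0 when ${PROCDIR} is a directory, 1 otherwise (after logging
#           an error through eerror).
checkconfig() {
	# Quoted on purpose: unquoted, an empty PROCDIR collapses the test to
	# `[ ! -d ]`, which is false, so the check would pass without any
	# directory having been looked at.
	if [ ! -d "${PROCDIR}" ]; then
		eerror "You must have GR security turned on in your kernel."
		return 1
	fi
	return 0
}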
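# Enable every grsecurity feature listed in ENABLED, then apply the lock.
#
# Globals (read): PROCDIR, ENABLED, LOCK, audit_gid, tpe_gid, ptrace_gid,
#                 fork_bomb_gid, fork_bomb_sec, fork_bomb_max,
#                 socket_all_gid, socket_client_gid, socket_server_gid
# Returns: 0 only if checkconfig passed and every sysctl write succeeded;
#          non-zero otherwise.
#
# Every write is checked and folded into rc. Reporting only the status of
# the final command would let a feature that failed to turn on go
# unnoticed, leaving the host less protected than the service status says.
start() {
	local rc=0 x

	checkconfig || return 1

	ebegin "Starting grsecurity"

	# ENABLED is a whitespace-separated list, so it is split unquoted.
	for x in ${ENABLED}; do
		case "${x}" in
		audit_group)
			# Group-scoped features: write the GID first, then switch on.
			printf '%s\n' "${audit_gid}" > "${PROCDIR}/audit_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		tpe)
			printf '%s\n' "${tpe_gid}" > "${PROCDIR}/tpe_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		allow_ptrace_group)
			printf '%s\n' "${ptrace_gid}" > "${PROCDIR}/ptrace_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		fork_bomb_prot)
			printf '%s\n' "${fork_bomb_gid}" > "${PROCDIR}/fork_bomb_gid" || rc=1
			printf '%s\n' "${fork_bomb_sec}" > "${PROCDIR}/fork_bomb_sec" || rc=1
			printf '%s\n' "${fork_bomb_max}" > "${PROCDIR}/fork_bomb_max" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		socket_all)
			printf '%s\n' "${socket_all_gid}" > "${PROCDIR}/socket_all_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		socket_client)
			printf '%s\n' "${socket_client_gid}" > "${PROCDIR}/socket_client_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		socket_server)
			printf '%s\n' "${socket_server_gid}" > "${PROCDIR}/socket_server_gid" || rc=1
			printf '1\n' > "${PROCDIR}/${x}" || rc=1
			;;
		*)
			# Plain on/off switches. An entry with no matching sysctl is
			# skipped as before, but now visibly: a misspelled name in
			# ENABLED would otherwise look like an enabled protection.
			if [ -f "${PROCDIR}/${x}" ]; then
				printf '1\n' > "${PROCDIR}/${x}" || rc=1
			else
				ewarn "kernel.grsecurity.${x} is not available, skipping"
			fi
			;;
		esac
	done

	# Keep this last: once grsec_lock is set the grsecurity sysctls can no
	# longer be changed, so everything else has to be written first.
	if [ -f "${PROCDIR}/grsec_lock" ]; then
		printf '%s\n' "${LOCK}" > "${PROCDIR}/grsec_lock" || rc=1
	else
		# A missing lock entry was already reported as a failed start;
		# keep that result and say why.
		eerror "${PROCDIR}/grsec_lock not found, settings were not locked"
		rc=1
	fi

	eend ${rc}
}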
#stop() {
# ebegin "Stopping grsecurity"
# eend ${?}
#}