Bug#605090:

To: 605090@bugs.debian.org
Subject: Bug#605090:
From: HacKurx <hackurx@gmail.com>
Date: Tue, 5 Jan 2016 15:33:27 +0100
Message-id: <[🔎] CAFwXZv-P52vdTd1zDQPG1BkVfm3hguqaOTsGOspdWj9Fwc_yUQ@mail.gmail.com>
Reply-to: HacKurx <hackurx@gmail.com>, 605090@bugs.debian.org
In-reply-to: <[🔎] CAFwXZv82yev2K-0fcf2PVqncnm5ETw3LZJVCHwWrh_gpWgORWA@mail.gmail.com>
References: <[🔎] CAFwXZv82yev2K-0fcf2PVqncnm5ETw3LZJVCHwWrh_gpWgORWA@mail.gmail.com>

There are 52 variables sysctl with grsecurity but 42 are used in
grsec.conf (linux-grsec-base-0.1).
To know the list :
cat /usr/src/linux-4.3.3/grsecurity/grsec_sysctl.c | grep "\.procname"

kernel.grsecurity.disable_priv_io
kernel.grsecurity.linking_restrictions
kernel.grsecurity.enforce_symlinksifowner
kernel.grsecurity.symlinkown_gid
kernel.grsecurity.deter_bruteforce
kernel.grsecurity.fifo_restrictions
kernel.grsecurity.ptrace_readexec
kernel.grsecurity.consistent_setxid
kernel.grsecurity.ip_blackhole
kernel.grsecurity.lastack_retries
kernel.grsecurity.exec_logging
kernel.grsecurity.rwxmap_logging
kernel.grsecurity.signal_logging
kernel.grsecurity.forkfail_logging
kernel.grsecurity.timechange_logging
kernel.grsecurity.chroot_deny_shmat
kernel.grsecurity.chroot_deny_unix
kernel.grsecurity.chroot_deny_mount
kernel.grsecurity.chroot_deny_fchdir
kernel.grsecurity.chroot_deny_chroot
kernel.grsecurity.chroot_deny_pivot
kernel.grsecurity.chroot_enforce_chdir
kernel.grsecurity.chroot_deny_chmod
kernel.grsecurity.chroot_deny_mknod
kernel.grsecurity.chroot_restrict_nice
kernel.grsecurity.chroot_execlog
kernel.grsecurity.chroot_caps
kernel.grsecurity.chroot_deny_bad_rename
kernel.grsecurity.chroot_deny_sysctl
kernel.grsecurity.tpe
kernel.grsecurity.tpe_gid
kernel.grsecurity.tpe_invert
kernel.grsecurity.tpe_restrict_all
kernel.grsecurity.socket_all
kernel.grsecurity.socket_all_gid
kernel.grsecurity.socket_client
kernel.grsecurity.socket_client_gid
kernel.grsecurity.socket_server
kernel.grsecurity.socket_server_gid
kernel.grsecurity.audit_group
kernel.grsecurity.audit_gid
kernel.grsecurity.audit_chdir
kernel.grsecurity.audit_mount
kernel.grsecurity.dmesg
kernel.grsecurity.chroot_findtask
kernel.grsecurity.resource_logging
kernel.grsecurity.audit_ptrace
kernel.grsecurity.harden_ptrace
kernel.grsecurity.harden_ipc
kernel.grsecurity.grsec_lock
kernel.grsecurity.romount_protect
kernel.grsecurity.deny_new_usb

"kernel.pax.softmode" is not listed in that.

 --
 Best regards,

 HacKurx (Loic)
 blog.opensec.fr

Reply to:

Follow-Ups:
- Bug#605090:
  - From: Yves-Alexis Perez <corsac@debian.org>

References:
- Bug#605090:
  - From: HacKurx <hackurx@gmail.com>

Prev by Date: Bug#605090:
Next by Date: Bug#746554: Bug#770603: fte - package sponsorship
Previous by thread: Bug#605090:
Next by thread: Bug#605090:
Index(es):
- Date
- Thread