Update of /cvsroot/devil-linux/build/scripts/scripts
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv5743/scripts/scripts
Modified Files:
grsecurity.proc upgrade-config
Log Message:
adapting syslog config for new version
update grsecurity proc options to new config
Index: grsecurity.proc
===================================================================
RCS file: /cvsroot/devil-linux/build/scripts/scripts/grsecurity.proc,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- grsecurity.proc 26 Sep 2011 18:06:37 -0000 1.12
+++ grsecurity.proc 27 Dec 2015 20:25:52 -0000 1.13
@@ -1,7 +1,8 @@
-audit_chdir 0
-audit_mount 0
-chroot_caps 0
-chroot_deny_chmod 1
+audit_mount 1
+audit_ptrace 1
+chroot_caps1 1
+chroot_deny_bad_rename 1
+chroot_deny_chmod1 1
chroot_deny_chroot 1
chroot_deny_fchdir 1
chroot_deny_mknod 1
@@ -11,13 +12,18 @@
chroot_deny_sysctl 1
chroot_deny_unix 1
chroot_enforce_chdir 1
-chroot_execlog 0
chroot_findtask 1
chroot_restrict_nice 1
-dmesg 0
-exec_logging 0
-fifo_restrictions 0
+deter_bruteforce 1
+dmesg 1
+enforce_symlinksifowner 1
forkfail_logging 1
-linking_restrictions 0
+harden_ptrace 1
+linking_restrictions 1
+ptrace_readexec 1
+resource_logging 1
+rwxmap_logging 1
signal_logging 1
-timechange_logging 0
+symlinkown_gid 1
+timechange_logging 1
+
Index: upgrade-config
===================================================================
RCS file: /cvsroot/devil-linux/build/scripts/scripts/upgrade-config,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- upgrade-config 25 Feb 2012 14:43:10 -0000 1.51
+++ upgrade-config 27 Dec 2015 20:25:52 -0000 1.52
@@ -351,7 +351,7 @@
# syslog-ng
# remove all chroot jail entries and replace stream with dgram
-# add compatability for syslog-ng >= 3.3
+# add compatability for syslog-ng >= 3.6
sed -e 's|unix-stream *( *"/jail[^;]*;||g' \
-e 's|unix-stream *( *"/dev/log"|unix-dgram("/dev/log"|' \
-e 's|sync(0)|flush_lines(0)|g' \
@@ -363,7 +363,7 @@
-e 's|unix-stream("/dev/log" max-connections(1000)|unix-stream("/dev/log" max-connections(100)|g' \
-e 's|^@version.*$||g' \
< /etc/syslog-ng/syslog-ng.conf > $TMPD
-echo '@version: 3.3' > /etc/syslog-ng/syslog-ng.conf
+echo '@version: 3.6' > /etc/syslog-ng/syslog-ng.conf
cat $TMPD >> /etc/syslog-ng/syslog-ng.conf
rm $TMPD
|
