Menu
▾
▴
[Devil-linux-commit] build/scripts/scripts grsecurity.proc, 1.12, 1.13 upgrade-config, 1.51, 1.52
|
From: Heiko Z. <smi...@us...> - 2015-12-27 20:25:54
|
Update of /cvsroot/devil-linux/build/scripts/scripts In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv5743/scripts/scripts Modified Files: grsecurity.proc upgrade-config Log Message: adapting syslog config for new version update grsecurity proc options to new config Index: grsecurity.proc =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/scripts/grsecurity.proc,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- grsecurity.proc 26 Sep 2011 18:06:37 -0000 1.12 +++ grsecurity.proc 27 Dec 2015 20:25:52 -0000 1.13 @@ -1,7 +1,8 @@ -audit_chdir 0 -audit_mount 0 -chroot_caps 0 -chroot_deny_chmod 1 +audit_mount 1 +audit_ptrace 1 +chroot_caps1 1 +chroot_deny_bad_rename 1 +chroot_deny_chmod1 1 chroot_deny_chroot 1 chroot_deny_fchdir 1 chroot_deny_mknod 1 @@ -11,13 +12,18 @@ chroot_deny_sysctl 1 chroot_deny_unix 1 chroot_enforce_chdir 1 -chroot_execlog 0 chroot_findtask 1 chroot_restrict_nice 1 -dmesg 0 -exec_logging 0 -fifo_restrictions 0 +deter_bruteforce 1 +dmesg 1 +enforce_symlinksifowner 1 forkfail_logging 1 -linking_restrictions 0 +harden_ptrace 1 +linking_restrictions 1 +ptrace_readexec 1 +resource_logging 1 +rwxmap_logging 1 signal_logging 1 -timechange_logging 0 +symlinkown_gid 1 +timechange_logging 1 + Index: upgrade-config =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/scripts/upgrade-config,v retrieving revision 1.51 retrieving revision 1.52 diff -u -d -r1.51 -r1.52 --- upgrade-config 25 Feb 2012 14:43:10 -0000 1.51 +++ upgrade-config 27 Dec 2015 20:25:52 -0000 1.52 @@ -351,7 +351,7 @@ # syslog-ng # remove all chroot jail entries and replace stream with dgram -# add compatability for syslog-ng >= 3.3 +# add compatability for syslog-ng >= 3.6 sed -e 's|unix-stream *( *"/jail[^;]*;||g' \ -e 's|unix-stream *( *"/dev/log"|unix-dgram("/dev/log"|' \ -e 's|sync(0)|flush_lines(0)|g' \ @@ -363,7 +363,7 @@ -e 's|unix-stream("/dev/log" max-connections(1000)|unix-stream("/dev/log" max-connections(100)|g' \ -e 's|^@version.*$||g' \ < /etc/syslog-ng/syslog-ng.conf > $TMPD -echo '@version: 3.3' > /etc/syslog-ng/syslog-ng.conf +echo '@version: 3.6' > /etc/syslog-ng/syslog-ng.conf cat $TMPD >> /etc/syslog-ng/syslog-ng.conf rm $TMPD |
