Is GRSec installed properly?
Posted: Tue Jun 14, 2016 11:58 amFirst of all, thanks to everyone for making this tool available!
I have installed the test patch 4.5.7 on my Mint 17.3 install. Apparently all is well, and uname -r confirms I'm running 4.5.7grsec1.0-grsec
yet when I check I find inconsistent values.
For example in /proc/sys/kernel/grsecurity/ I find a set of values including
But in each case the value is set to 0 - I would have expected this to be set to 1
and the file /etc/sysctl.conf looks strange too.....web searches suggest that this should be, for example, in the style of
Does this sound that I have done something wrong with the patching/or install of this version?
any help greatly appreciated.
I have installed the test patch 4.5.7 on my Mint 17.3 install. Apparently all is well, and uname -r confirms I'm running 4.5.7grsec1.0-grsec
yet when I check I find inconsistent values.
For example in /proc/sys/kernel/grsecurity/ I find a set of values including
- Code: Select all
chroot_caps
chroot_deny_unix
harden_ptrace
chroot_deny_chmod
chroot_enforce_chdir
ip_blackhole
chroot_deny_chroot
But in each case the value is set to 0 - I would have expected this to be set to 1
and the file /etc/sysctl.conf looks strange too.....web searches suggest that this should be, for example, in the style of
- Code: Select all
kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_caps = 1
kernel.grsecurity.chroot_execlog = 0
kernel.grsecurity.chroot_restrict_nice = 1
kernel.grsecurity.chroot_deny_mknod = 1
kernel.grsecurity.chroot_deny_chmod = 1
Does this sound that I have done something wrong with the patching/or install of this version?
any help greatly appreciated.