--- /dev/null
+# Begin /etc/grsec/sysctl.conf
+
+# Locking all settings - must be the last line
+kernel.grsecurity.grsec_lock = 1
+
+# End /etc/grsec/sysctl.conf
@$(PREBUILD)
# Create directories
- -mkdir -pv /{bin,boot,etc/{opt,sysconfig},home,lib,mnt,opt}
+ -mkdir -pv /{bin,boot,etc/{grsec,opt,sysconfig},home,lib,mnt,opt}
-mkdir -pv /{media/{floppy,cdrom},sbin,srv,var}
-install -dv -m 0750 /root
-install -dv -m 1777 /tmp /var/tmp
for i in $$(find $(DIR_CONFIG)/root/ -type f); do \
cp -vf $$i /root; \
done
+ for i in $$(find $(DIR_SRC)/config/grsecurity/ -type f); do \
+ cp -vf $$i /etc/grsec; \
+ done
-mkdir -pv /etc/modprobe.d
cp -av $(DIR_CONF)/modprobe.d/* /etc/modprobe.d/
sysctl -q -p
evaluate_retval standard
fi
+ if [ -d "/proc/sys/kernel/grsecurity" -a \
+ -f "/etc/grsec/sysctl.conf" ]; then
+ message="Setting grsecurity parameters..."
+ sysctl -q -p /etc/grsec/sysctl.conf
+ evaluate_retval standard
+ fi
;;
status)
--- /dev/null
+# Begin /etc/grsec/sysctl.conf
+
+# Disable chroot caps
+kernel.grsecurity.chroot_caps = 0
+
+# Locking all settings - must be the last line
+kernel.grsecurity.grsec_lock = 1
+
+# End /etc/grsec/sysctl.conf