Is GRSec installed properly?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

Is GRSec installed properly?

Postby wayne » Tue Jun 14, 2016 11:58 am

First of all, thanks to everyone for making this tool available!
I have installed the test patch 4.5.7 on my Mint 17.3 install. Apparently all is well, and uname -r confirms I'm running 4.5.7grsec1.0-grsec
yet when I check I find inconsistent values.

For example in /proc/sys/kernel/grsecurity/ I find a set of values including
Code: Select all
chroot_caps       
chroot_deny_unix   
harden_ptrace
chroot_deny_chmod
chroot_enforce_chdir
ip_blackhole
chroot_deny_chroot


But in each case the value is set to 0 - I would have expected this to be set to 1

and the file /etc/sysctl.conf looks strange too.....web searches suggest that this should be, for example, in the style of

Code: Select all
kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_caps = 1
kernel.grsecurity.chroot_execlog = 0
kernel.grsecurity.chroot_restrict_nice = 1
kernel.grsecurity.chroot_deny_mknod = 1
kernel.grsecurity.chroot_deny_chmod = 1


Does this sound that I have done something wrong with the patching/or install of this version?
any help greatly appreciated.
wayne
 
Posts: 1
Joined: Tue Jun 14, 2016 11:42 am

Return to grsecurity support