[grsec] info still visible in /proc
Ariel Garcia
garcia at iwr.fzk.de
Thu Jan 24 03:10:43 EST 2008
Hi,
> I configured grsec to limit /proc access to group 0 only:
>
> CONFIG_GRKERNSEC_PROC=y
> # CONFIG_GRKERNSEC_PROC_USER is not set
> CONFIG_GRKERNSEC_PROC_USERGROUP=y
> CONFIG_GRKERNSEC_PROC_GID=0
> CONFIG_GRKERNSEC_PROC_ADD=y
>
> However some things that [I think] should be hidden are not:
did you check if gresec is being enforced?
CONFIG_GRKERNSEC_SYSCTL (provides de/activation of grsec over /sys)
CONFIG_GRKERNSEC_SYSCTL_ON (Turn on features by default )
Hope it helps
Cheers, Ariel
More information about the grsecurity
mailing list