capctl - Linux Capability Control.

Disclaimer: this is experimental code. Use at your
own risk.

License: you can do anything you want with this piece of
code under the terms of the GNU General Public License.


Compile/Install it by typing:

	make

If successful, the binary 'capctl' will be created.
Copy it to your /sbin directory if you wish.

It has the following options:

	capctl [-m] [-r] [-i] [-t] [-n]

Examples:

0) To see the capability settings, simply type:

	capctl

	note: if a capability is still enabled,
	it will have a (+) sign.

1) To disable further loading of modules:

	capctl -m

	note: unloading will also be disabled.
	bugs: after this, capctl may no longer allow further capability
	manipulation in some kernels. I think it's a kernel bug.

2) To prevent direct access to kernel memory:

	capctl -r

	note: X will no longer function.

3) To be really paranoid about module loading:

	capctl -m -r

4) To prevent system date tampering:

	capctl -t

	note: ntp will no longer function.

5) To prevent manipulation of your immutable files:

	capctl -i

6) To prevent manipulation of your network interface
   config, firewall rules and routing tables:

	capctl -n

	note: promiscuous mode toggling will also not be possible.


Notes:

1) Only a reboot will re-enable the above capabilities.
2) Tested on kernels 2.2.x and 2.4.x on i386.
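
A check added here, not part of capctl and not written by its author: it
lists the five capabilities the options above deal with, marking with (+)
those still enabled. Assumptions: the setting capctl changes is the
capability bounding set, read here from the CapBnd line of /proc/self/status
on current kernels, and the flag-to-capability mapping is inferred from the
option descriptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed flag-to-capability mapping; bit numbers from <linux/capability.h>. */
struct capflag { char flag; const char *name; int bit; };
static const struct capflag CAPS[] = {
    { 'i', "CAP_LINUX_IMMUTABLE",  9 },
    { 'n', "CAP_NET_ADMIN",       12 },
    { 'm', "CAP_SYS_MODULE",      16 },
    { 'r', "CAP_SYS_RAWIO",       17 },
    { 't', "CAP_SYS_TIME",        25 },
};
#define NCAPS (sizeof CAPS / sizeof CAPS[0])

/* Parse the hex mask on the "CapBnd:" line of /proc/<pid>/status text.
   Returns 0 on success, -1 if the line is missing or carries no value. */
int parse_capbnd(const char *status, unsigned long long *mask)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapBnd:", 7) == 0) {
            const char *v = p + 7 + strspn(p + 7, " \t");
            if (!isxdigit((unsigned char)*v)) return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        if ((p = strchr(p, '\n')) != NULL) p++;   /* advance to next line */
    }
    return -1;
}

/* 1 if the capability behind a flag is still in mask, 0 if dropped,
   -1 if the flag is not one of the five above. */
int cap_enabled(unsigned long long mask, char flag)
{
    for (size_t i = 0; i < NCAPS; i++)
        if (CAPS[i].flag == flag) return (int)((mask >> CAPS[i].bit) & 1);
    return -1;
}

int main(void)
{
    char buf[8192] = "";
    unsigned long long mask;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); }
    if (parse_capbnd(buf, &mask) != 0) return 2;   /* no CapBnd line found */
    for (size_t i = 0; i < NCAPS; i++)
        printf("%-20s %s\n", CAPS[i].name, cap_enabled(mask, CAPS[i].flag) == 1 ? "(+)" : "");
    return 0;
}
```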

-Enjoy!
 pong

