>From 7bd8a6a678792261684998ac848aabeb2602c05c Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Wed, 11 Sep 2013 19:35:42 -0400 Subject: [PATCH 08/22] Added remediation: set_sysctl_kernel_dmesg_restrict From template
--- .../fixes/bash/set_sysctl_kernel_dmesg_restrict.sh | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) create mode 100644 RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh diff --git a/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh b/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh new file mode 100644 index 0000000..7420664 --- /dev/null +++ b/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh @@ -0,0 +1,16 @@ +# +# Set runtime for kernel.dmesg_restrict +# +sysctl -q -n -w kernel.dmesg_restrict=1 + +# +# If kernel.dmesg_restrict present in /etc/sysctl.conf, change value to "1" +# else, add "kernel.dmesg_restrict = 1" to /etc/sysctl.conf +# +if grep --silent ^kernel.dmesg_restrict /etc/sysctl.conf ; then + sed -i 's/^kernel.dmesg_restrict.*/kernel.dmesg_restrict = 1/g' /etc/sysctl.conf +else + echo "" >> /etc/sysctl.conf + echo "# Set kernel.dmesg_restrict to 1 per security requirements" >> /etc/sysctl.conf + echo "kernel.dmesg_restrict = 1" >> /etc/sysctl.conf +fi -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
