[arch-commits] Commit in grsec-common/repos/community-any (6 files)
Date: Tuesday, July 21, 2015 @ 03:14:29 Author: thestinger Revision: 137191 archrelease: copy trunk to community-any Added: grsec-common/repos/community-any/05-grsecurity.conf (from rev 137190, grsec-common/trunk/05-grsecurity.conf) grsec-common/repos/community-any/PKGBUILD (from rev 137190, grsec-common/trunk/PKGBUILD) grsec-common/repos/community-any/grsec-common.install (from rev 137190, grsec-common/trunk/grsec-common.install) Deleted: grsec-common/repos/community-any/05-grsecurity.conf grsec-common/repos/community-any/PKGBUILD grsec-common/repos/community-any/grsec-common.install --+ 05-grsecurity.conf | 262 - PKGBUILD | 34 +++--- grsec-common.install | 24 +--- 3 files changed, 155 insertions(+), 165 deletions(-)
Deleted: 05-grsecurity.conf
===
--- 05-grsecurity.conf 2015-07-21 01:13:41 UTC (rev 137190)
+++ 05-grsecurity.conf 2015-07-21 01:14:29 UTC (rev 137191)
@@ -1,131 +0,0 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
-
-#
-# Disable PaX enforcement by default.
-#
-# The `paxd` package sets softmode back to 0 in a configuration file loaded
-# after this one. It automatically handles setting exceptions from the PaX
-# exploit mitigations after Pacman operations. Altering the setting manually
-# rather than using `paxd` is not recommended.
-#
-
-kernel.pax.softmode = 1
-
-#
-# Memory protections
-#
-
-#kernel.grsecurity.disable_priv_io = 1
-kernel.grsecurity.deter_bruteforce = 1
-
-#
-# Race free SymLinksIfOwnerMatch for web servers
-#
-# symlinkown_gid: http group
-#
-
-kernel.grsecurity.enforce_symlinksifowner = 1
-kernel.grsecurity.symlinkown_gid = 33
-
-#
-# FIFO restrictions
-#
-# Prevent writing to a FIFO in a world-writable sticky directory (e.g. /tmp),
-# unless the owner of the FIFO is the same owner of the directory it's held in.
-#
-
-kernel.grsecurity.fifo_restrictions = 1
-
-#
-# Deny any further rw mounts
-#
-
-#kernel.grsecurity.romount_protect = 1
-
-#
-# chroot restrictions (the commented options will break containers)
-#
-
-#kernel.grsecurity.chroot_caps = 1
-kernel.grsecurity.chroot_deny_bad_rename = 1
-#kernel.grsecurity.chroot_deny_chmod = 1
-#kernel.grsecurity.chroot_deny_chroot = 1
-kernel.grsecurity.chroot_deny_fchdir = 1
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-kernel.grsecurity.chroot_deny_shmat = 1
-kernel.grsecurity.chroot_deny_sysctl = 1
-kernel.grsecurity.chroot_deny_unix = 1
-kernel.grsecurity.chroot_enforce_chdir = 1
-kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 1
-
-#
-# Kernel auditing
-#
-# audit_group: Restrict exec/chdir logging to a group.
-# audit_gid: audit group
-#
-
-#kernel.grsecurity.audit_group = 1
-kernel.grsecurity.audit_gid = 201
-#kernel.grsecurity.exec_logging = 1
-#kernel.grsecurity.resource_logging = 1
-#kernel.grsecurity.chroot_execlog = 1
-#kernel.grsecurity.audit_ptrace = 1
-#kernel.grsecurity.audit_chdir = 1
-#kernel.grsecurity.audit_mount = 1
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 1
-#kernel.grsecurity.timechange_logging = 1
-kernel.grsecurity.rwxmap_logging = 1
-
-#
-# Executable protections
-#
-
-kernel.grsecurity.harden_ptrace = 1
-kernel.grsecurity.ptrace_readexec = 1
-kernel.grsecurity.consistent_setxid = 1
-kernel.grsecurity.harden_ipc = 1
-
-#
-# Trusted Path Execution
-#
-# tpe_gid: tpe group
-#
-
-#kernel.grsecurity.tpe = 1
-kernel.grsecurity.tpe_gid = 200
-#kernel.grsecurity.tpe_invert = 1
-kernel.grsecurity.tpe_restrict_all = 1
-
-#
-# Network protections
-#
-# socket_all_gid:socket-deny-all group
-# socket_client_gid: socket-deny-client group
-# socket_server_gid: socket-deny-server group
-#
-
-#kernel.grsecurity.ip_blackhole = 1
-kernel.grsecurity.lastack_retries = 4
-kernel.grsecurity.socket_all = 1
-kernel.grsecurity.socket_all_gid = 202
-kernel.grsecurity.socket_client = 1
-kernel.grsecurity.socket_client_gid = 203
-kernel.grsecurity.socket_server = 1
-kernel.grsecurity.socket_server_gid = 204
-
-#
-# Prevent any new USB devices from being recognized by the OS.
-#
-
-#kernel.grsecurity.deny_new_usb = 1
-
-#
-# Restrict grsec sysctl changes after this was set
-#
-
-#kernel.grsecurity.grsec_lock = 1
Copied: grsec-common/repos/community-any/05-grsecurity.conf (from rev 137190, grsec-common/trunk/05-grsecurity.conf)
===
--- 05-grsecurity.conf (rev 0)
+++ 05-grsecurity.conf 2015-07-21 01:14:29 UTC (rev 137191)
@@ -0,0 +1,131 @@
+# All features in the kernel.grsecurity namespace are disabled by default.
+
+#
+# Disable PaX enforcement by default.
+#
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically
[arch-commits] Commit in grsec-common/repos/community-any (6 files)
Date: Thursday, January 29, 2015 @ 02:14:25 Author: thestinger Revision: 126719 archrelease: copy trunk to community-any Added: grsec-common/repos/community-any/05-grsecurity.conf (from rev 126718, grsec-common/trunk/05-grsecurity.conf) grsec-common/repos/community-any/PKGBUILD (from rev 126718, grsec-common/trunk/PKGBUILD) grsec-common/repos/community-any/grsec-common.install (from rev 126718, grsec-common/trunk/grsec-common.install) Deleted: grsec-common/repos/community-any/05-grsecurity.conf grsec-common/repos/community-any/PKGBUILD grsec-common/repos/community-any/grsec-common.install --+ 05-grsecurity.conf | 261 - PKGBUILD | 34 +++--- grsec-common.install | 34 +++--- 3 files changed, 165 insertions(+), 164 deletions(-)
Deleted: 05-grsecurity.conf
===
--- 05-grsecurity.conf 2015-01-29 01:14:03 UTC (rev 126718)
+++ 05-grsecurity.conf 2015-01-29 01:14:25 UTC (rev 126719)
@@ -1,130 +0,0 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
-
-#
-# Disable PaX enforcement by default.
-#
-# The `paxd` package sets softmode back to 0 in a configuration file loaded
-# after this one. It automatically handles setting exceptions from the PaX
-# exploit mitigations after Pacman operations. Altering the setting manually
-# rather than using `paxd` is not recommended.
-#
-
-kernel.pax.softmode = 1
-
-#
-# Memory protections
-#
-
-#kernel.grsecurity.disable_priv_io = 1
-kernel.grsecurity.deter_bruteforce = 1
-
-#
-# Race free SymLinksIfOwnerMatch for web servers
-#
-# symlinkown_gid: http group
-#
-
-kernel.grsecurity.enforce_symlinksifowner = 1
-kernel.grsecurity.symlinkown_gid = 33
-
-#
-# FIFO restrictions
-#
-# Prevent writing to a FIFO in a world-writable sticky directory (e.g. /tmp),
-# unless the owner of the FIFO is the same owner of the directory it's held in.
-#
-
-kernel.grsecurity.fifo_restrictions = 1
-
-#
-# Deny any further rw mounts
-#
-
-#kernel.grsecurity.romount_protect = 1
-
-#
-# chroot restrictions (the commented options will break containers)
-#
-
-#kernel.grsecurity.chroot_caps = 1
-#kernel.grsecurity.chroot_deny_chmod = 1
-#kernel.grsecurity.chroot_deny_chroot = 1
-kernel.grsecurity.chroot_deny_fchdir = 1
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-kernel.grsecurity.chroot_deny_shmat = 1
-kernel.grsecurity.chroot_deny_sysctl = 1
-kernel.grsecurity.chroot_deny_unix = 1
-kernel.grsecurity.chroot_enforce_chdir = 1
-kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 1
-
-#
-# Kernel auditing
-#
-# audit_group: Restrict exec/chdir logging to a group.
-# audit_gid: audit group
-#
-
-#kernel.grsecurity.audit_group = 1
-kernel.grsecurity.audit_gid = 201
-#kernel.grsecurity.exec_logging = 1
-#kernel.grsecurity.resource_logging = 1
-#kernel.grsecurity.chroot_execlog = 1
-#kernel.grsecurity.audit_ptrace = 1
-#kernel.grsecurity.audit_chdir = 1
-#kernel.grsecurity.audit_mount = 1
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 1
-#kernel.grsecurity.timechange_logging = 1
-kernel.grsecurity.rwxmap_logging = 1
-
-#
-# Executable protections
-#
-
-kernel.grsecurity.harden_ptrace = 1
-kernel.grsecurity.ptrace_readexec = 1
-kernel.grsecurity.consistent_setxid = 1
-kernel.grsecurity.harden_ipc = 1
-
-#
-# Trusted Path Execution
-#
-# tpe_gid: tpe group
-#
-
-#kernel.grsecurity.tpe = 1
-kernel.grsecurity.tpe_gid = 200
-#kernel.grsecurity.tpe_invert = 1
-kernel.grsecurity.tpe_restrict_all = 1
-
-#
-# Network protections
-#
-# socket_all_gid:socket-deny-all group
-# socket_client_gid: socket-deny-client group
-# socket_server_gid: socket-deny-server group
-#
-
-#kernel.grsecurity.ip_blackhole = 1
-kernel.grsecurity.lastack_retries = 4
-kernel.grsecurity.socket_all = 1
-kernel.grsecurity.socket_all_gid = 202
-kernel.grsecurity.socket_client = 1
-kernel.grsecurity.socket_client_gid = 203
-kernel.grsecurity.socket_server = 1
-kernel.grsecurity.socket_server_gid = 204
-
-#
-# Prevent any new USB devices from being recognized by the OS.
-#
-
-#kernel.grsecurity.deny_new_usb = 1
-
-#
-# Restrict grsec sysctl changes after this was set
-#
-
-#kernel.grsecurity.grsec_lock = 1
Copied: grsec-common/repos/community-any/05-grsecurity.conf (from rev 126718, grsec-common/trunk/05-grsecurity.conf)
===
--- 05-grsecurity.conf (rev 0)
+++ 05-grsecurity.conf 2015-01-29 01:14:25 UTC (rev 126719)
@@ -0,0 +1,131 @@
+# All features in the kernel.grsecurity namespace are disabled by default.
+
+#
+# Disable PaX enforcement by default.
+#
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
[arch-commits] Commit in grsec-common/repos/community-any (6 files)
Date: Tuesday, October 14, 2014 @ 18:31:20 Author: thestinger Revision: 120655 archrelease: copy trunk to community-any Added: grsec-common/repos/community-any/05-grsecurity.conf (from rev 120654, grsec-common/trunk/05-grsecurity.conf) grsec-common/repos/community-any/PKGBUILD (from rev 120654, grsec-common/trunk/PKGBUILD) grsec-common/repos/community-any/grsec-common.install (from rev 120654, grsec-common/trunk/grsec-common.install) Deleted: grsec-common/repos/community-any/05-grsecurity.conf grsec-common/repos/community-any/PKGBUILD grsec-common/repos/community-any/grsec-common.install --+ 05-grsecurity.conf | 260 - PKGBUILD | 34 +++--- grsec-common.install | 36 +++--- 3 files changed, 164 insertions(+), 166 deletions(-)
Deleted: 05-grsecurity.conf
===
--- 05-grsecurity.conf 2014-10-14 16:30:57 UTC (rev 120654)
+++ 05-grsecurity.conf 2014-10-14 16:31:20 UTC (rev 120655)
@@ -1,130 +0,0 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
-
-#
-# Disable PaX enforcement by default.
-#
-# The `paxd` package sets softmode back to 0 in a configuration file loaded
-# after this one. It automatically handles setting exceptions from the PaX
-# exploit mitigations after Pacman operations. Altering the setting manually
-# rather than using `paxd` is not recommended.
-#
-
-kernel.pax.softmode = 1
-
-#
-# Memory protections
-#
-
-#kernel.grsecurity.disable_priv_io = 1
-kernel.grsecurity.deter_bruteforce = 1
-
-#
-# Race free SymLinksIfOwnerMatch for web servers
-#
-# symlinkown_gid: http group
-#
-
-kernel.grsecurity.enforce_symlinksifowner = 1
-kernel.grsecurity.symlinkown_gid = 33
-
-#
-# FIFO restrictions
-#
-# Prevent writing to a FIFO in a world-writable sticky directory (e.g. /tmp),
-# unless the owner of the FIFO is the same owner of the directory it's held in.
-#
-
-kernel.grsecurity.fifo_restrictions = 1
-
-#
-# Deny any further rw mounts
-#
-
-#kernel.grsecurity.romount_protect = 1
-
-#
-# chroot restrictions (the commented options will break containers)
-#
-
-#kernel.grsecurity.chroot_caps = 1
-#kernel.grsecurity.chroot_deny_chmod = 1
-#kernel.grsecurity.chroot_deny_chroot = 1
-kernel.grsecurity.chroot_deny_fchdir = 1
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-kernel.grsecurity.chroot_deny_shmat = 1
-kernel.grsecurity.chroot_deny_sysctl = 1
-kernel.grsecurity.chroot_deny_unix = 1
-kernel.grsecurity.chroot_enforce_chdir = 1
-kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 1
-
-#
-# Kernel auditing
-#
-# audit_group: Restrict exec/chdir logging to a group.
-# audit_gid: audit group
-#
-
-#kernel.grsecurity.audit_group = 1
-kernel.grsecurity.audit_gid = 201
-#kernel.grsecurity.exec_logging = 1
-#kernel.grsecurity.resource_logging = 1
-#kernel.grsecurity.chroot_execlog = 1
-#kernel.grsecurity.audit_ptrace = 1
-#kernel.grsecurity.audit_chdir = 1
-#kernel.grsecurity.audit_mount = 1
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 1
-#kernel.grsecurity.timechange_logging = 1
-kernel.grsecurity.rwxmap_logging = 1
-
-#
-# Executable protections
-#
-
-kernel.grsecurity.harden_ptrace = 1
-kernel.grsecurity.ptrace_readexec = 1
-kernel.grsecurity.consistent_setxid = 1
-kernel.grsecurity.harden_ipc = 1
-
-#
-# Trusted Path Execution
-#
-# tpe_gid: tpe group
-#
-
-#kernel.grsecurity.tpe = 1
-kernel.grsecurity.tpe_gid = 200
-#kernel.grsecurity.tpe_invert = 1
-#kernel.grsecurity.tpe_restrict_all = 1
-
-#
-# Network protections
-#
-# socket_all_gid:socket-deny-all group
-# socket_client_gid: socket-deny-client group
-# socket_server_gid: socket-deny-server group
-#
-
-#kernel.grsecurity.ip_blackhole = 1
-kernel.grsecurity.lastack_retries = 4
-kernel.grsecurity.socket_all = 1
-kernel.grsecurity.socket_all_gid = 202
-kernel.grsecurity.socket_client = 1
-kernel.grsecurity.socket_client_gid = 203
-kernel.grsecurity.socket_server = 1
-kernel.grsecurity.socket_server_gid = 204
-
-#
-# Prevent any new USB devices from being recognized by the OS.
-#
-
-#kernel.grsecurity.deny_new_usb = 1
-
-#
-# Restrict grsec sysctl changes after this was set
-#
-
-#kernel.grsecurity.grsec_lock = 1
Copied: grsec-common/repos/community-any/05-grsecurity.conf (from rev 120654, grsec-common/trunk/05-grsecurity.conf)
===
--- 05-grsecurity.conf (rev 0)
+++ 05-grsecurity.conf 2014-10-14 16:31:20 UTC (rev 120655)
@@ -0,0 +1,130 @@
+# All features in the kernel.grsecurity namespace are disabled by default.
+
+#
+# Disable PaX enforcement by default.
+#
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX