Sysctl: Difference between revisions

From Hackepedia
Jump to navigationJump to search
No edit summary
No edit summary
Line 28: Line 28:
net.inet.udp.blackhole: Do not send port unreachables for refused connects
net.inet.udp.blackhole: Do not send port unreachables for refused connects


To allow your computer to act as a [[router]]:
net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a [[router]]


net.inet.ip.forwarding: Enable IP forwarding between interfaces
kern.securelevel: Current secure level # You can only increase this number.

Revision as of 16:18, 29 November 2005

Sysctl - get or set kernel state

To see a specific kernel state:

$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1

What does the tunable do?

$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

To change the status of this tunable:

# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0

We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.

To list all the currently available non-opaque values:

$ sysctl -a

some popular ones you might want to check out:

net.inet.tcp.blackhole: Do not send RST when dropping refused connections

net.inet.udp.blackhole: Do not send port unreachables for refused connects

net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a router

kern.securelevel: Current secure level # You can only increase this number.