Sysctl: Difference between revisions
From Hackepedia
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 28: | Line 28: | ||
net.inet.udp.blackhole: Do not send port unreachables for refused connects | net.inet.udp.blackhole: Do not send port unreachables for refused connects | ||
To allow your computer to act as a [[router]] | net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a [[router]] | ||
kern.securelevel: Current secure level # You can only increase this number. | |||
Revision as of 16:18, 29 November 2005
Sysctl - get or set kernel state
To see a specific kernel state:
$ sysctl security.bsd.see_other_uids security.bsd.see_other_uids: 1
What does the tunable do?
$ sysctl -d security.bsd.see_other_uids security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid
To change the status of this tunable:
# sysctl security.bsd.see_other_uids=0 security.bsd.see_other_uids: 1 -> 0
We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.
To list all the currently available non-opaque values:
$ sysctl -a
some popular ones you might want to check out:
net.inet.tcp.blackhole: Do not send RST when dropping refused connections
net.inet.udp.blackhole: Do not send port unreachables for refused connects
net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a router
kern.securelevel: Current secure level # You can only increase this number.
