Sysctl: Difference between revisions

From Hackepedia
Jump to navigationJump to search
No edit summary
link
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
Sysctl - get or set kernel state
Sysctl - get or set [[kernel]] state


To see a specific kernel state:
To see a specific kernel state:
Line 27: Line 27:


kern.securelevel: Current secure level # You can only increase this number.
kern.securelevel: Current secure level # You can only increase this number.
kern.randompid: Chooses a random pid number when a new process is forked, as OpenBSD does by default.

Latest revision as of 08:12, 28 March 2013

Sysctl - get or set kernel state

To see a specific kernel state:

$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1

What does the tunable do?

$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

To change the status of this tunable:

# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0

We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.

To list all the currently available non-opaque values:

$ sysctl -a

some popular ones you might want to check out:

net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a router

kern.securelevel: Current secure level # You can only increase this number.

kern.randompid: Chooses a random pid number when a new process is forked, as OpenBSD does by default.