Sysctl: Difference between revisions

From Hackepedia
Jump to navigationJump to search
No edit summary
m added kern.randompid
Line 27: Line 27:


kern.securelevel: Current secure level # You can only increase this number.
kern.securelevel: Current secure level # You can only increase this number.
kern.randompid: Chooses a random pid number when a new process is forked, as OpenBSD does by default.

Revision as of 16:11, 24 February 2006

Sysctl - get or set kernel state

To see a specific kernel state:

$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1

What does the tunable do?

$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

To change the status of this tunable:

# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0

We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.

To list all the currently available non-opaque values:

$ sysctl -a

some popular ones you might want to check out:

net.inet.ip.forwarding: Enable IP forwarding between interfaces # To allow your computer to act as a router

kern.securelevel: Current secure level # You can only increase this number.

kern.randompid: Chooses a random pid number when a new process is forked, as OpenBSD does by default.