Sysctl: Difference between revisions

From Hackepedia

Revision as of 15:11, 29 November 2005

Sysctl - get or set kernel state

To see a specific kernel state:

$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1

What does the tunable do?

$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

To change the status of this tunable:

# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0

We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.

To list all the currently available non-opaque values:

$ sysctl -a

Some popular ones you might want to check out:

net.inet.tcp.blackhole: Do not send RST when dropping refused connections

net.inet.udp.blackhole: Do not send port unreachables for refused connects

To allow your computer to act as a router:

net.inet.ip.forwarding: Enable IP forwarding between interfaces
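
An added example, not part of the original page: a shell function that checks `sysctl` output against a baseline for the tunables listed above and reports any that drift or are missing. The baseline values (suited to a host that is not a router), the function name and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed hardening baseline for a non-router host; adjust to local policy.
# net.inet.tcp.blackhole=2 drops any segment sent to a closed port (blackhole(4)).
BASELINE='security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.forwarding=0'

# audit_sysctl: read "name: value" lines (the format sysctl prints) on stdin,
# print one line per baseline tunable that differs or is absent,
# and return 1 if any were found, 0 otherwise.
audit_sysctl() {
    current=$(cat)
    drift=0
    for entry in $BASELINE; do
        name=${entry%%=*}
        want=${entry#*=}
        # Match the tunable name exactly and take the text after ": ".
        have=$(printf '%s\n' "$current" |
            awk -F': ' -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"
            drift=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name: $have (want $want)"
            drift=1
        fi
    done
    return $drift
}

# Constructed sample input, not captured from a real host.
SAMPLE='security.bsd.see_other_uids: 1
net.inet.tcp.blackhole: 2
net.inet.ip.forwarding: 0'

# On a live FreeBSD host, feed real values instead:
#   sysctl security.bsd.see_other_uids net.inet.tcp.blackhole \
#          net.inet.udp.blackhole net.inet.ip.forwarding | audit_sysctl
printf '%s\n' "$SAMPLE" | audit_sysctl || echo "baseline not met"
```

A value set with `sysctl name=value` lasts only until the next reboot; on FreeBSD the same `name=value` lines go in /etc/sysctl.conf to make them persistent.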