Sysctl: Difference between revisions
From Hackepedia
Revision as of 15:11, 29 November 2005
Sysctl - get or set kernel state
To see a specific kernel state:
$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1
What does the tunable do?
$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid
To change the status of this tunable:
# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0
We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.
To list all the currently available non-opaque values:
$ sysctl -a
Some popular ones you might want to check out:
net.inet.tcp.blackhole: Do not send RST when dropping refused connections
net.inet.udp.blackhole: Do not send port unreachables for refused connects
To allow your computer to act as a router:
net.inet.ip.forwarding: Enable IP forwarding between interfaces
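To check the tunables above against a baseline in one pass, here is an added example (not part of the original page). The baseline values are an assumption for a host that is not a router, and the sample state is constructed in the "name: value" format that sysctl prints.

```sh
#!/bin/sh
# Assumed baseline for a non-router host (not from the page): name=wanted value.
BASELINE='security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.forwarding=0'

# Constructed sample state, in the "name: value" format sysctl prints.
SAMPLE='security.bsd.see_other_uids: 1
net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 1
net.inet.ip.forwarding: 0'

# audit_sysctl STATE
# Prints one line per baseline tunable and returns the number of tunables
# that are missing from STATE or differ from the baseline (0 = compliant).
audit_sysctl() {
    state=$1
    drift=0
    while IFS='=' read -r name want; do
        [ -n "$name" ] || continue
        # Look up the current value of this tunable in the supplied state.
        have=$(printf '%s\n' "$state" |
            awk -F': ' -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"
            drift=$((drift + 1))
        elif [ "$have" != "$want" ]; then
            echo "DRIFT   $name: $have (want $want)"
            drift=$((drift + 1))
        else
            echo "OK      $name: $have"
        fi
    done <<EOF
$BASELINE
EOF
    return "$drift"
}

# Offline run against the constructed sample. On a live system, pass real
# state instead, e.g.:
#   audit_sysctl "$(sysctl security.bsd.see_other_uids net.inet.tcp.blackhole \
#                          net.inet.udp.blackhole net.inet.ip.forwarding)"
audit_sysctl "$SAMPLE" || echo "$? tunable(s) differ from the baseline"
```

On a machine that is meant to act as a router, change the net.inet.ip.forwarding entry in the baseline to 1 before running the audit.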