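#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/files/grsecurity.rc,v 1.9 2004/07/15 00:42:30 agriffis Exp $

# Note: chpax support has been removed from this init script.
# Configure /etc/conf.d/chpax and add chpax to your default runlevel instead

# Applies grsecurity sysctl settings at boot.
#
# Variables read (not defined in this file; presumably supplied by the
# service's conf.d file - confirm):
#   ENABLED           whitespace-separated list of sysctl entry names to set to 1
#   LOCK              value written to grsec_lock, after everything else
#   audit_gid, tpe_gid, ptrace_gid, fork_bomb_gid, fork_bomb_sec,
#   fork_bomb_max, socket_all_gid, socket_client_gid, socket_server_gid
#                     companion values written before the matching feature
#                     is switched on

# Directory holding the grsecurity sysctl entries.
PROCDIR=/proc/sys/kernel/grsecurity

# Service ordering: needs bootmisc and localmount, starts after chpax.
depend() {
	need bootmisc localmount
	after chpax
}

# Returns 1 (after reporting an error) when PROCDIR is not a directory,
# i.e. the running kernel does not expose the grsecurity sysctl tree.
checkconfig() {
	if [ ! -d "${PROCDIR}" ] ; then
		eerror "You must have GR security turned on in your kernel."
		return 1
	fi
}

# Writes value $1 to the entry named $2 under PROCDIR.
# Returns non-zero when the write fails, so the caller can report it.
grsec_set() {
	printf '%s\n' "${1}" > "${PROCDIR}/${2}"
}

# Enables every feature listed in ENABLED, then writes LOCK to grsec_lock.
# Returns 0 only when every attempted write succeeded. A feature that is
# requested but could not be applied makes the service start fail visibly
# instead of leaving the host silently less hardened than configured.
start() {
	checkconfig || return 1

	local x retval=0

	ebegin "Starting grsecurity"
	# ENABLED is a whitespace-separated list, so it is split on purpose.
	for x in ${ENABLED}; do
		# [ -f ${PROCDIR}/${x} ] && continue
		# einfo "\tEnabling kernel.grsecurity.${x}"
		case "${x}" in
			*/*)
				# A name with a path separator would write outside PROCDIR.
				eerror "Ignoring invalid grsecurity feature name: ${x}"
				retval=1
				;;
			audit_group)
				grsec_set "${audit_gid}" audit_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			tpe)
				grsec_set "${tpe_gid}" tpe_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			allow_ptrace_group)
				grsec_set "${ptrace_gid}" ptrace_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			fork_bomb_prot)
				grsec_set "${fork_bomb_gid}" fork_bomb_gid || retval=1
				grsec_set "${fork_bomb_sec}" fork_bomb_sec || retval=1
				grsec_set "${fork_bomb_max}" fork_bomb_max || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			socket_all)
				grsec_set "${socket_all_gid}" socket_all_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			socket_client)
				grsec_set "${socket_client_gid}" socket_client_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			socket_server)
				grsec_set "${socket_server_gid}" socket_server_gid || retval=1
				grsec_set 1 "${x}" || retval=1
				;;
			*)
				# Entries this kernel does not provide are skipped silently.
				if [ -f "${PROCDIR}/${x}" ]; then
					grsec_set 1 "${x}" || retval=1
				fi
				;;
		esac
	done

	# grsec_lock is written last, after every setting above.
	# NOTE(review): this entry is understood to freeze further grsecurity
	# sysctl changes once set, which is why the order matters - confirm.
	# A kernel without the entry is not treated as an error.
	if [ -f "${PROCDIR}/grsec_lock" ]; then
		grsec_set "${LOCK}" grsec_lock || retval=1
	fi

	eend ${retval}
}

#stop() {
#	ebegin "Stopping grsecurity"
#	eend ${?}
#}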