Sysctl

From Hackepedia
Revision as of 16:11, 29 November 2005 by Franks (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Sysctl - get or set kernel state

To see a specific kernel state: 

$ sysctl security.bsd.see_other_uids
security.bsd.see_other_uids: 1

What does the tunable do? 

$ sysctl -d security.bsd.see_other_uids
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

To change the status of this tunable: 

# sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0

We have now changed the system settings to prevent users from seeing information about processes that are being run under another UID.

To list all the currently available non-opaque values: 

$ sysctl -a

some popular ones you might want to check out:

net.inet.tcp.blackhole: Do not send RST when dropping refused connections net.inet.udp.blackhole: Do not send port unreachables for refused connects To allow your computer to act as a router: net.inet.ip.forwarding: Enable IP forwarding between interfaces

Retrieved from "https://hackepedia.org/?title=Sysctl&oldid=565"