Comments on: Tweaking kernel parameters using sysctl http://www.tssci-security.com/archives/2007/09/13/tweaking-kernel-parameters-using-sysctl/ top secret/secure computing information Tue, 14 Oct 2008 10:58:32 +0000 http://wordpress.org/?v=2.2.3 By: Marcin http://www.tssci-security.com/archives/2007/09/13/tweaking-kernel-parameters-using-sysctl/#comment-1652 Marcin Thu, 13 Sep 2007 18:26:57 +0000 http://www.tssci-security.com/archives/2007/09/13/tweaking-kernel-parameters-using-sysctl/#comment-1652 <em>security.bsd.see_other_uids=0</em> That works great for FreeBSD, and I use it on all my systems, but OS X does not have security.* sysctl parameters. <em>Otherwise, to your list, I’d also suggest adding: net.inet.ip.sourceroute=0 net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1</em> Our list wasn't meant to be exhaustive, so we did leave a lot out. I saw Casey's sysctl settings and it was four pages in length. We may post a link to it as a text a file or we can do a follow-up post to this one going into further detail if there's interest. As always, we encourage everyone to investigate on their own and we don't guarantee our settings will be right or work for every system. security.bsd.see_other_uids=0

That works great for FreeBSD, and I use it on all my systems, but OS X does not have security.* sysctl parameters.

Otherwise, to your list, I’d also suggest adding:

net.inet.ip.sourceroute=0
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1

Our list wasn’t meant to be exhaustive, so we did leave a lot out. I saw Casey’s sysctl settings and it was four pages in length. We may post a link to it as a text a file or we can do a follow-up post to this one going into further detail if there’s interest. As always, we encourage everyone to investigate on their own and we don’t guarantee our settings will be right or work for every system.

]]> By: Andrew Storms http://www.tssci-security.com/archives/2007/09/13/tweaking-kernel-parameters-using-sysctl/#comment-1651 Andrew Storms Thu, 13 Sep 2007 16:39:31 +0000 http://www.tssci-security.com/archives/2007/09/13/tweaking-kernel-parameters-using-sysctl/#comment-1651 While kern.ps_argsopen=0 is cool, if what you are trying to achieve is hiding ps information, then try: security.bsd.see_other_uids=0 This prohibits anyone from seeing any processes that aren't theirs. Also limits the output of netstat. Otherwise, to your list, I'd also suggest adding: net.inet.ip.sourceroute=0 net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1 While log_in_vain can be rather verbose, its nice to have the output logged. --S While kern.ps_argsopen=0 is cool, if what you are trying to achieve is hiding ps information, then try:

security.bsd.see_other_uids=0

This prohibits anyone from seeing any processes that aren’t theirs. Also limits the output of netstat. Otherwise, to your list, I’d also suggest adding:

net.inet.ip.sourceroute=0
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1

While log_in_vain can be rather verbose, its nice to have the output logged.

–S

]]>