[arch-commits] Commit in grsec-common/repos/community-any (6 files)

Daniel Micay thestinger at archlinux.org
Tue Oct 14 16:31:20 UTC 2014 

    Date: Tuesday, October 14, 2014 @ 18:31:20
  Author: thestinger
Revision: 120655

archrelease: copy trunk to community-any

Added:
  grsec-common/repos/community-any/05-grsecurity.conf
    (from rev 120654, grsec-common/trunk/05-grsecurity.conf)
  grsec-common/repos/community-any/PKGBUILD
    (from rev 120654, grsec-common/trunk/PKGBUILD)
  grsec-common/repos/community-any/grsec-common.install
    (from rev 120654, grsec-common/trunk/grsec-common.install)
Deleted:
  grsec-common/repos/community-any/05-grsecurity.conf
  grsec-common/repos/community-any/PKGBUILD
  grsec-common/repos/community-any/grsec-common.install

----------------------+
 05-grsecurity.conf   |  260 ++++++++++++++++++++++++-------------------------
 PKGBUILD             |   34 +++---
 grsec-common.install |   36 +++---
 3 files changed, 164 insertions(+), 166 deletions(-)

Deleted: 05-grsecurity.conf
===================================================================
--- 05-grsecurity.conf	2014-10-14 16:30:57 UTC (rev 120654)
+++ 05-grsecurity.conf	2014-10-14 16:31:20 UTC (rev 120655)
@@ -1,130 +0,0 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
-
-#
-# Disable PaX enforcement by default.
-#
-# The `paxd` package sets softmode back to 0 in a configuration file loaded
-# after this one. It automatically handles setting exceptions from the PaX
-# exploit mitigations after Pacman operations. Altering the setting manually
-# rather than using `paxd` is not recommended.
-#
-
-kernel.pax.softmode = 1
-
-#
-# Memory protections
-#
-
-#kernel.grsecurity.disable_priv_io = 1
-kernel.grsecurity.deter_bruteforce = 1
-
-#
-# Race free SymLinksIfOwnerMatch for web servers
-#
-# symlinkown_gid: http group
-#
-
-kernel.grsecurity.enforce_symlinksifowner = 1
-kernel.grsecurity.symlinkown_gid = 33
-
-#
-# FIFO restrictions
-#
-# Prevent writing to a FIFO in a world-writable sticky directory (e.g. /tmp),
-# unless the owner of the FIFO is the same owner of the directory it's held in.
-#
-
-kernel.grsecurity.fifo_restrictions = 1
-
-#
-# Deny any further rw mounts
-#
-
-#kernel.grsecurity.romount_protect = 1
-
-#
-# chroot restrictions (the commented options will break containers)
-#
-
-#kernel.grsecurity.chroot_caps = 1
-#kernel.grsecurity.chroot_deny_chmod = 1
-#kernel.grsecurity.chroot_deny_chroot = 1
-kernel.grsecurity.chroot_deny_fchdir = 1
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-kernel.grsecurity.chroot_deny_shmat = 1
-kernel.grsecurity.chroot_deny_sysctl = 1
-kernel.grsecurity.chroot_deny_unix = 1
-kernel.grsecurity.chroot_enforce_chdir = 1
-kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 1
-
-#
-# Kernel auditing
-#
-# audit_group: Restrict exec/chdir logging to a group.
-# audit_gid: audit group
-#
-
-#kernel.grsecurity.audit_group = 1
-kernel.grsecurity.audit_gid = 201
-#kernel.grsecurity.exec_logging = 1
-#kernel.grsecurity.resource_logging = 1
-#kernel.grsecurity.chroot_execlog = 1
-#kernel.grsecurity.audit_ptrace = 1
-#kernel.grsecurity.audit_chdir = 1
-#kernel.grsecurity.audit_mount = 1
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 1
-#kernel.grsecurity.timechange_logging = 1
-kernel.grsecurity.rwxmap_logging = 1
-
-#
-# Executable protections
-#
-
-kernel.grsecurity.harden_ptrace = 1
-kernel.grsecurity.ptrace_readexec = 1
-kernel.grsecurity.consistent_setxid = 1
-kernel.grsecurity.harden_ipc = 1
-
-#
-# Trusted Path Execution
-#
-# tpe_gid: tpe group
-#
-
-#kernel.grsecurity.tpe = 1
-kernel.grsecurity.tpe_gid = 200
-#kernel.grsecurity.tpe_invert = 1
-#kernel.grsecurity.tpe_restrict_all = 1
-
-#
-# Network protections
-#
-# socket_all_gid:    socket-deny-all group
-# socket_client_gid: socket-deny-client group
-# socket_server_gid: socket-deny-server group
-#
-
-#kernel.grsecurity.ip_blackhole = 1
-kernel.grsecurity.lastack_retries = 4
-kernel.grsecurity.socket_all = 1
-kernel.grsecurity.socket_all_gid = 202
-kernel.grsecurity.socket_client = 1
-kernel.grsecurity.socket_client_gid = 203
-kernel.grsecurity.socket_server = 1
-kernel.grsecurity.socket_server_gid = 204
-
-#
-# Prevent any new USB devices from being recognized by the OS.
-#
-
-#kernel.grsecurity.deny_new_usb = 1
-
-#
-# Restrict grsec sysctl changes after this was set
-#
-
-#kernel.grsecurity.grsec_lock = 1

Copied: grsec-common/repos/community-any/05-grsecurity.conf (from rev 120654, grsec-common/trunk/05-grsecurity.conf)
===================================================================
--- 05-grsecurity.conf	                        (rev 0)
+++ 05-grsecurity.conf	2014-10-14 16:31:20 UTC (rev 120655)
@@ -0,0 +1,130 @@
+# All features in the kernel.grsecurity namespace are disabled by default.
+
+#
+# Disable PaX enforcement by default.
+#
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
+# exploit mitigations after Pacman operations. Altering the setting manually
+# rather than using `paxd` is not recommended.
+#
+
+kernel.pax.softmode = 1
+
+#
+# Memory protections
+#
+
+#kernel.grsecurity.disable_priv_io = 1
+kernel.grsecurity.deter_bruteforce = 1
+
+#
+# Race free SymLinksIfOwnerMatch for web servers
+#
+# symlinkown_gid: http group
+#
+
+kernel.grsecurity.enforce_symlinksifowner = 1
+kernel.grsecurity.symlinkown_gid = 33
+
+#
+# FIFO restrictions
+#
+# Prevent writing to a FIFO in a world-writable sticky directory (e.g. /tmp),
+# unless the owner of the FIFO is the same owner of the directory it's held in.
+#
+
+kernel.grsecurity.fifo_restrictions = 1
+
+#
+# Deny any further rw mounts
+#
+
+#kernel.grsecurity.romount_protect = 1
+
+#
+# chroot restrictions (the commented options will break containers)
+#
+
+#kernel.grsecurity.chroot_caps = 1
+#kernel.grsecurity.chroot_deny_chmod = 1
+#kernel.grsecurity.chroot_deny_chroot = 1
+kernel.grsecurity.chroot_deny_fchdir = 1
+#kernel.grsecurity.chroot_deny_mknod = 1
+#kernel.grsecurity.chroot_deny_mount = 1
+#kernel.grsecurity.chroot_deny_pivot = 1
+kernel.grsecurity.chroot_deny_shmat = 1
+kernel.grsecurity.chroot_deny_sysctl = 1
+kernel.grsecurity.chroot_deny_unix = 1
+kernel.grsecurity.chroot_enforce_chdir = 1
+kernel.grsecurity.chroot_findtask = 1
+#kernel.grsecurity.chroot_restrict_nice = 1
+
+#
+# Kernel auditing
+#
+# audit_group: Restrict exec/chdir logging to a group.
+# audit_gid: audit group
+#
+
+#kernel.grsecurity.audit_group = 1
+kernel.grsecurity.audit_gid = 201
+#kernel.grsecurity.exec_logging = 1
+#kernel.grsecurity.resource_logging = 1
+#kernel.grsecurity.chroot_execlog = 1
+#kernel.grsecurity.audit_ptrace = 1
+#kernel.grsecurity.audit_chdir = 1
+#kernel.grsecurity.audit_mount = 1
+#kernel.grsecurity.signal_logging = 1
+#kernel.grsecurity.forkfail_logging = 1
+#kernel.grsecurity.timechange_logging = 1
+kernel.grsecurity.rwxmap_logging = 1
+
+#
+# Executable protections
+#
+
+kernel.grsecurity.harden_ptrace = 1
+kernel.grsecurity.ptrace_readexec = 1
+kernel.grsecurity.consistent_setxid = 1
+kernel.grsecurity.harden_ipc = 1
+
+#
+# Trusted Path Execution
+#
+# tpe_gid: tpe group
+#
+
+#kernel.grsecurity.tpe = 1
+kernel.grsecurity.tpe_gid = 200
+#kernel.grsecurity.tpe_invert = 1
+kernel.grsecurity.tpe_restrict_all = 1
+
+#
+# Network protections
+#
+# socket_all_gid:    socket-deny-all group
+# socket_client_gid: socket-deny-client group
+# socket_server_gid: socket-deny-server group
+#
+
+#kernel.grsecurity.ip_blackhole = 1
+kernel.grsecurity.lastack_retries = 4
+kernel.grsecurity.socket_all = 1
+kernel.grsecurity.socket_all_gid = 202
+kernel.grsecurity.socket_client = 1
+kernel.grsecurity.socket_client_gid = 203
+kernel.grsecurity.socket_server = 1
+kernel.grsecurity.socket_server_gid = 204
+
+#
+# Prevent any new USB devices from being recognized by the OS.
+#
+
+#kernel.grsecurity.deny_new_usb = 1
+
+#
+# Restrict grsec sysctl changes after this was set
+#
+
+#kernel.grsecurity.grsec_lock = 1

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2014-10-14 16:30:57 UTC (rev 120654)
+++ PKGBUILD	2014-10-14 16:31:20 UTC (rev 120655)
@@ -1,17 +0,0 @@
-# $Id$
-# Maintainer: Daniel Micay <danielmicay at gmail.com>
-pkgname=grsec-common
-pkgver=1
-pkgrel=1
-pkgdesc='Base package for grsecurity kernels'
-arch=(any)
-url='https://archlinux.org/'
-license=('GPL2')
-install=$pkgname.install
-source=(05-grsecurity.conf)
-sha1sums=('dc6b38e1c89376b81246588956e3b93f59620822')
-backup=(etc/sysctl.d/05-grsecurity.conf)
-
-package() {
-  install -Dm600 05-grsecurity.conf "$pkgdir/etc/sysctl.d/05-grsecurity.conf"
-}

Copied: grsec-common/repos/community-any/PKGBUILD (from rev 120654, grsec-common/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2014-10-14 16:31:20 UTC (rev 120655)
@@ -0,0 +1,17 @@
+# $Id$
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=grsec-common
+pkgver=2
+pkgrel=1
+pkgdesc='Base package for grsecurity kernels'
+arch=(any)
+url='https://archlinux.org/'
+license=('GPL2')
+install=$pkgname.install
+source=(05-grsecurity.conf)
+sha1sums=('ff93228668f2200b0785d8e2f09e9122911f0ef3')
+backup=(etc/sysctl.d/05-grsecurity.conf)
+
+package() {
+  install -Dm600 05-grsecurity.conf "$pkgdir/etc/sysctl.d/05-grsecurity.conf"
+}

Deleted: grsec-common.install
===================================================================
--- grsec-common.install	2014-10-14 16:30:57 UTC (rev 120654)
+++ grsec-common.install	2014-10-14 16:31:20 UTC (rev 120655)
@@ -1,19 +0,0 @@
-post_install() {
-  getent group tpe >/dev/null || groupadd -g 200 tpe
-  getent group audit >/dev/null || groupadd -g 201 audit
-  getent group socket-deny-all >/dev/null || groupadd -g 202 socket-deny-all
-  getent group socket-deny-client >/dev/null || groupadd -g 203 socket-deny-client
-  getent group socket-deny-server >/dev/null || groupadd -g 204 socket-deny-server
-}
-
-post_upgrade() {
-  post_install
-}
-
-post_remove() {
-  for group in tpe audit socket-deny-server socket-deny-client socket-deny-all; do
-    if getent group $group >/dev/null; then
-      groupdel $group
-    fi
-  done
-}

Copied: grsec-common/repos/community-any/grsec-common.install (from rev 120654, grsec-common/trunk/grsec-common.install)
===================================================================
--- grsec-common.install	                        (rev 0)
+++ grsec-common.install	2014-10-14 16:31:20 UTC (rev 120655)
@@ -0,0 +1,17 @@
+post_install() {
+  getent group tpe >/dev/null || groupadd -g 200 tpe
+  getent group audit >/dev/null || groupadd -g 201 audit
+  getent group socket-deny-all >/dev/null || groupadd -g 202 socket-deny-all
+  getent group socket-deny-client >/dev/null || groupadd -g 203 socket-deny-client
+  getent group socket-deny-server >/dev/null || groupadd -g 204 socket-deny-server
+}
+
+post_upgrade() {
+  post_install
+}
+
+post_remove() {
+  for group in tpe audit socket-deny-server socket-deny-client socket-deny-all; do
+    getent group $group >/dev/null && groupdel $group
+  done
+}

More information about the arch-commits mailing list