Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 69

• acct — Controls the suspension of process accounting based on the percentage of free space
available on the file system containing the log. By default, the file looks like the following:
4 2 30
The first value dictates the percentage of free space required for logging to resume, while the
second value sets the threshold percentage of free space at which logging is suspended. The third
value sets the interval, in seconds, at which the kernel polls the file system to see if logging
should be suspended or resumed.
• cap-bound — Controls the capability bounding settings, which provide a list of capabilities for any
process on the system. If a capability is not listed here, then no process, no matter how privileged,
can use it. The idea is to make the system more secure by ensuring that certain things cannot
happen, at least beyond a certain point in the boot process.
For a valid list of values for this virtual file, refer to the following installed documentation:
/lib/modules/<kernel-version>/build/include/linux/capability.h.
• ctrl-alt-del — Controls whether Ctrl+Alt+Delete gracefully restarts the computer using
init (0) or forces an immediate reboot without syncing the dirty buffers to disk (1).
• domainname — Configures the system domain name, such as example.com.
• exec-shield — Configures the Exec Shield feature of the kernel. Exec Shield provides protection
against certain types of buffer overflow attacks.
There are two possible values for this virtual file:
  • 0 — Disables Exec Shield.
  • 1 — Enables Exec Shield. This is the default value.
Important
If a system is running security-sensitive applications that were started while Exec Shield
was disabled, these applications must be restarted when Exec Shield is enabled in
order for Exec Shield to take effect.
• exec-shield-randomize — Enables location randomization of various items in memory. This
helps deter potential attackers from locating programs and daemons in memory. Each time a
program or daemon starts, it is put into a different memory location, never at a static or
absolute memory address.
There are two possible values for this virtual file:
  • 0 — Disables randomization of Exec Shield. This may be useful for application debugging
  purposes.
  • 1 — Enables randomization of Exec Shield. This is the default value. Note: The exec-shield
  file must also be set to 1 for exec-shield-randomize to be effective.
• hostname — Configures the system hostname, such as www.example.com.
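
An added example, not part of the Red Hat manual: a POSIX shell check that audits exec-shield, exec-shield-randomize and acct against the values documented above, including the rule that randomization has no effect unless exec-shield is 1. The function names and the directory argument are assumptions made for the example, and the sample values at the bottom are constructed.

```shell
#!/bin/sh
# Added example: audits a directory laid out like /proc/sys/kernel against the
# values this page documents. Function names are illustrative, not Red Hat's.

# first_field DIR NAME: print the first whitespace-separated field, or "missing".
first_field() {
    val=""
    [ -r "$1/$2" ] && { read -r val _ < "$1/$2" || true; }
    printf '%s\n' "${val:-missing}"
}

# audit_kernel_tunables [DIR]: print one line per check; return the finding count.
audit_kernel_tunables() {
    kdir=${1:-/proc/sys/kernel}
    n=0
    shield=$(first_field "$kdir" exec-shield)
    rand=$(first_field "$kdir" exec-shield-randomize)

    case $shield in
        1) echo "OK   exec-shield=1" ;;
        0) echo "FAIL exec-shield=0: Exec Shield is disabled"; n=$((n + 1)) ;;
        *) echo "WARN exec-shield=$shield: not a value documented here"; n=$((n + 1)) ;;
    esac

    # Randomization is only effective when exec-shield itself is 1.
    case $rand:$shield in
        1:1) echo "OK   exec-shield-randomize=1" ;;
        1:*) echo "FAIL exec-shield-randomize=1 is ineffective while exec-shield=$shield"; n=$((n + 1)) ;;
        0:*) echo "FAIL exec-shield-randomize=0: randomization is disabled"; n=$((n + 1)) ;;
        *)   echo "WARN exec-shield-randomize=$rand: not a value documented here"; n=$((n + 1)) ;;
    esac

    # acct holds "<resume %> <suspend %> <poll seconds>". Sanity check (an
    # assumption of this example): resume should not be below suspend.
    if [ -r "$kdir/acct" ] && read -r resume suspend poll < "$kdir/acct" &&
       [ "$resume" -ge "$suspend" ] 2>/dev/null; then
        echo "OK   acct: suspend at ${suspend}% free, resume at ${resume}%, poll ${poll}s"
    else
        echo "WARN acct: missing or inconsistent thresholds"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: Exec Shield off, randomization on, default acct values.
demo=$(mktemp -d)
printf '0\n' > "$demo/exec-shield"
printf '1\n' > "$demo/exec-shield-randomize"
printf '4 2 30\n' > "$demo/acct"
audit_kernel_tunables "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Called with no argument, audit_kernel_tunables reads /proc/sys/kernel on the running system.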