I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 have ExecShield compiled in, and if so, if it is turned on by default. On my local C7 box I've been looking at/for indicators without a lot of success: /usr/lib/sysctl.d/00-system.conf. does not mention ExecShield at all. /proc/sys/kernel has no entries for exec_shield no mention of execshield in any of the files in /etc/grub.d So, as far as I can see, there are no settings that I would expect to force ExecShield to an ON setting. I DO see, in /proc/sys/kernel, a file named randomize_va_space, and it contains a value of "2". I've been googling (well, actually DuckDuckGo-ing) and most of the articles I find regarding ExecShield are 3-10 years old. I'd appreciate pointers/guides/info on ExecShield in C6 or C7. thanks in advance! Fred -- ---- Fred Smith -- fredex at fcshome.stoneham.ma.us ----------------------------- "And he will be called Wonderful Counselor, Mighty God, Everlasting Father, Prince of Peace. Of the increase of his government there will be no end. He will reign on David's throne and over his kingdom, establishing and upholding it with justice and righteousness from that time on and forever." ------------------------------- Isaiah 9:7 (niv) ------------------------------
On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith <fredex at fcshome.stoneham.ma.us> wrote:> I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 > have ExecShield compiled in, and if so, if it is turned on by default.According to what I've read, Exec Shield is enabled in CentOS-6 and -7 by default. In CentOS-6, you can see it by: sysctl -a | grep -i shield The sysctl command also allows you to disable it. But in CentOS-7 you cannot change it any more. Akemi
On Tue, Sep 29, 2015 at 08:49:21AM -0700, Akemi Yagi wrote:> On Tue, Sep 29, 2015 at 7:37 AM, Fred Smith > <fredex at fcshome.stoneham.ma.us> wrote: > > I'm trying to figure out if the stock kernels for Centos-6 and/or Centos-7 > > have ExecShield compiled in, and if so, if it is turned on by default. > > According to what I've read, Exec Shield is enabled in CentOS-6 and -7 > by default. In CentOS-6, you can see it by: > > sysctl -a | grep -i shield > > The sysctl command also allows you to disable it. But in CentOS-7 you > cannot change it any more. > > AkemiThanks, Akemi! -- ---- Fred Smith -- fredex at fcshome.stoneham.ma.us ----------------------------- The Lord detests the way of the wicked but he loves those who pursue righteousness. ----------------------------- Proverbs 15:9 (niv) -----------------------------