Now that I have Cent OS (RHEL clone) installed on my IBM server, I'm wondering what is ExecShield and how do I disable the same?
ExecShield is security Linux kernel patch to avoid worms and other problems.
Wikipedia has more information about Exec Shield project:
Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.
Task: Disable ExecShield protection
Type the following command as root user:
# sysctl -w kernel.exec-shield=0
You can disable it permanently system-wide after each and every reboot by adding following line to /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Append following line
Save and close the file. Please note that I don’t recommend disabling ExecShild protection.
You can also disable protection by appending the following parameter to the kernel command line in the GRUB bootloader to kernel line:
# vi /etc/grub.conf
Modify / append exec-shield=0 parameter as follows:
kernel /vmlinuz-2.6.8 ro root=LABEL=/ exec-shield=0
Close and save the file.
Enable ExecShield Protection Against Buffer Overflows
Open your /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Add the following lines:
kernel.exec-shield = 1 kernel.randomize_va_space = 1
Save and close the file. First line will enable ExecShield protection and second line will enable random placement of virtual memory regions protection. To load in sysctl settings, enter:
# sysctl -p
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop