through the Internet looking for systems with common vulnerabilities such as worms and viruses. It is enabled in the kernel and works in a way that is non intrusive to the user. Its goal is not to defend against the expert hacker who has broken into your local network or an employee inside the company who already has access to parts of the network. Its goal is to prevent against intruders using scripts that look for vulnerabilities in the way a program running with root privileges is written.
How ExecShield works
ExecShield combats this with two features:
. Ascii Zone
. Address Space Randomization
Determinig status of ExecShield
ExecShield is enabled by default in the Red Hat Enterprise Linux kernel. To verify that ExecShield is enabled, execute the following command:
# cat /proc/sys/kernel/exec-shield
If it returns the value of 1, ExecShield is enabled. The value of 0 means it is disabled. You can also determine the status of ExecShield by executing the following command, but this command must be run as the root user:
# sysctl -a | grep exec-shield
If it returns the following, ExecShield is enabled:
kernel.exec-shield = 1
Again, a value of 0 indicates that ExecShield is disabled.
ExecShield can be disabled by using sysctl or modifying the boot loader configuration file to set the exec-shield kernel parameter to 0.
To disable ExecShield using sysctl, execute the following command:
# sysctl -w kernel.exec-shield=0
ExecShield is disabled immediately. However, executing this command alone does not disable ExecShield on subsequent reboots. To disable ExecShield for all reboots, add the following line to /etc/sysctl.conf (as root):
kernel.exec-shield = 0
Changes made to this file are not enabled until a reboot occurs, because the file is only read once during system startup. To enable the change immediately, the sysctl -w kernel.exec-shield=0 command still needs to be executed.
Another way to disable ExecShield at boot time is to add a boot parameter and value to the boot loader configuration file. For x86 and x86_64 systems that use GRUB as the boot loader, append the following line to the kernel line in /etc/grub.conf (as root):
NOTE: If the same boot parameter is set in /etc/grub.conf and in /etc/sysctl.conf, the value from sysctl.conf takes precedence. If you add boot parameters to the GRUB configuration file, make sure there aren’t any conflicting settings in /etc/sysctl.conf.
Follow the below links for more tutorials
Configure Red Hat Cluster using VMware, Quorum Disk, GFS2, Openfiler
Tutorial for Monitoring Tools SAR and KSAR with examples in Linux
How to configure Samba 4 Secondary Domain Controller
How to secure Apache web server in Linux using password (.htaccess)
How to register Red Hat Linux with RHN (Red Hat Network )
Red hat Enterprise Linux 5.5 Installation Guide (Screenshots)
15 tips to enhance security of your Linux machine
Why is Linux more secure than windows and any other OS
What is the difference between “su” and “su -” in Linux?
What is kernel-PAE in Linux?
What is swappiness and how do we change its value?
How to log iptables messages in different log file
What are the s and k scripts in the etc rcx.d directories
How to check all the currently running services in Linux
How to auto start service after reboot in Linux
What is virtual memory, paging and swap space?