Add a sysctl setting to disable privileged ports
As with previous commits: sysctl are applied only if we're running in a
VM, hence "Restrictions: isolation-machine".
Cf. https://bugs.kali.org/view.php?id=7952 for more details
Arnaud Rebillout
1 year, 4 months ago
0 | 0 |
# non-privileged users should be able to run dmesg
|
1 | 1 |
Test-Command: dmesg >/dev/null
|
2 | 2 |
Restrictions: isolation-machine
|
|
3 |
|
|
4 |
# non-privileged users should be able to open any ports
|
|
5 |
Tests: unprivileged-ports
|
|
6 |
Restrictions: isolation-machine
|
|
7 |
Depends: netcat-traditional
|
|
0 |
#!/bin/sh
|
|
1 |
|
|
2 |
# port must be < 1024
|
|
3 |
port=123
|
|
4 |
|
|
5 |
echo foobar | timeout 1 netcat -l -p $port
|
|
6 |
rc=$?
|
|
7 |
|
|
8 |
# if the command timed out, it means success
|
|
9 |
if test $rc -eq 124; then rc=0; fi
|
|
10 |
|
|
11 |
exit $rc
|
|
0 |
# This file is part of kali-defaults.
|
|
1 |
#
|
|
2 |
# If the setting(s) in this file are not desirable, do NOT
|
|
3 |
# modify this file. Instead, start 'kali-tweaks' in a
|
|
4 |
# terminal and change the setting from there.
|
|
5 |
|
|
6 |
# Disable privileged ports.
|
|
7 |
net.ipv4.ip_unprivileged_port_start = 0
|