From f4c4140b4eb405172afe4755464f8af10e58350b Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Wed, 13 Jul 2016 12:10:50 -0400
Subject: todo

---
 todo | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/todo b/todo
index 5ceb4e530..43168dd5a 100644
--- a/todo
+++ b/todo
@@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock
 
 extract env for process
 ps e -p <pid> | sed 's/ /\n/g' 
+
+
+20. check default disable - from grsecurity
+
+GRKERNSEC_HIDESYM
+/proc/kallsyms and other files
+
+GRKERNSEC_PROC_USER
+If you say Y here, non-root users will only be able to view their own
+processes, and restricts them from viewing network-related information,
+and viewing kernel symbol and module information.
+
+GRKERNSEC_PROC_ADD
+If you say Y here, additional restrictions will be placed on
+/proc that keep normal users from viewing device information and 
+slabinfo information that could be useful for exploits.
+
-- 
cgit v1.2.3-54-g00ecf