Red Hat Enterprise Linux 5 Administration Unleashed

Disabling ExecShield 549If it returns the following, ExecShield is enabled:kernel.exec-shield = 1Again, a value of 0 indicates that ExecShield is disabled.Disabling ExecShieldExecShield can be disabled by using sysctl or modifying the boot loader configurationfile to set the exec-shield kernel parameter to 0.To disable ExecShield using sysctl, execute the following command:sysctl -w kernel.exec-shield=0ExecShield is disabled immediately. However, executing this command alone does notdisable ExecShield on subsequent reboots. To disable ExecShield for all reboots, add thefollowing line to /etc/sysctl.conf (as root):kernel.exec-shield = 0Changes made to this file are not enabled until a reboot occurs, because the file is onlyread once during system startup. To enable the change immediately, the sysctl -wkernel.exec-shield=0 command still needs to be executed.Another way to disable ExecShield at boot time is to add a boot parameter and value tothe boot loader configuration file. For x86 and x86_64 systems that use GRUB as the bootloader, append the following line to the kernel line in /etc/grub.conf (as root):exec-shield=0Repeat this step for the kernel stanzas for which you want ExecShield disabled. Rememberthat this boot option and value must be added to any kernel stanzas added to the GRUBconfiguration file at a later time such as when a new kernel is installed.CCAUTIONIf the same boot parameter is set in /etc/grub.conf and in /etc/sysctl.conf, thevalue from sysctl.conf takes precedence. If you add boot parameters to the GRUBconfiguration file, make sure there aren’t any conflicting settings in /etc/sysctl.conf.Changes to grub.conf do not go into effect immediately. The file is only read once duringstartup. The next time the system is booted, ExecShield will be disabled.TIPAdding a boot parameter to the boot loader for other architectures is described inChapter 2, “Post-Installation Configuration.”