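#!/bin/sh
#
# afl-system-config: put the running system into a high-performance fuzzing
# configuration. Takes no options other than -h / -hh (help).
#
# Security note for operators: the Linux/BSD sysctl and sysfs writes below are
# runtime changes made with sysctl / echo, so they apply to every process on
# the host, not just the fuzzer. The macOS crash-reporter unload and the Haiku
# debug_server setting are written to disk and stay in effect until reverted
# by hand.

# Print the login.conf hint shared by the FreeBSD and DragonFly branches.
# The here-doc is deliberately unquoted so that "\\" is emitted as a single
# backslash (the login.conf line continuation).
print_coredump_hint() {
  cat <<EOF
In order to suppress core file generation during fuzzing it is recommended to set
me:\\
	:coredumpsize=0:
in the ~/.login_conf file for the user used for fuzzing.
EOF
}

case "${1:-}" in
  -h|-hh)
    echo 'afl-system-config by Marc Heuse <mh@mh-sec.de>'
    echo
    printf '%s\n' "$0"
    echo
    echo 'afl-system-config has no command line options'
    echo
    echo 'afl-system-config reconfigures the system to a high performance fuzzing state.'
    echo "WARNING: this reduces the security of the system!"
    echo
    echo 'Note that there is also afl-persistent-config which sets additional permanent'
    echo 'configuration options.'
    exit 0
    ;;
esac

PLATFORM=$(uname -s)
echo 'This reconfigures the system to have a better fuzzing performance.'
echo "WARNING: this reduces the security of the system!"
echo

# EUID is not set by every /bin/sh, so id -u is consulted as well.
if [ "${EUID:-}" != 0 ] && [ "$(id -u)" != 0 ]; then
  echo "Warning: you need to be root to run this!"
  # we do not exit as other mechanisms exist that allows to do this than
  # being root. let the errors speak for themselves.
fi
sleep 1

case "$PLATFORM" in
  Linux)
    cpu=/sys/devices/system/cpu
    {
      sysctl -w kernel.core_uses_pid=0
      # Crashes are written as plain core files instead of being handed to a
      # crash handler; any host-wide crash collection stops seeing them.
      # Arch Linux requires core_pattern to be empty :(
      if [ -e /etc/arch-release ]; then
        sysctl -w kernel.core_pattern=
      else
        sysctl -w kernel.core_pattern=core
      fi
      # Turns ASLR off for every process on the host (2 is the usual
      # distribution default to restore afterwards).
      sysctl -w kernel.randomize_va_space=0
      sysctl -w kernel.sched_child_runs_first=1
      sysctl -w kernel.sched_autogroup_enabled=1
      # These two knobs are not present on every kernel; errors are silenced.
      sysctl -w kernel.sched_migration_cost_ns=50000000 2>/dev/null
      sysctl -w kernel.sched_latency_ns=250000000 2>/dev/null
      echo never > /sys/kernel/mm/transparent_hugepage/enabled
      # The globs must stay unquoted so tee receives one path per policy/CPU.
      [ -e "$cpu/cpufreq/scaling_governor" ] &&
        echo performance | tee "$cpu/cpufreq/scaling_governor"
      [ -e "$cpu/cpufreq/policy0/scaling_governor" ] &&
        echo performance | tee "$cpu"/cpufreq/policy*/scaling_governor
      [ -e "$cpu/cpu0/cpufreq/scaling_governor" ] &&
        echo performance | tee "$cpu"/cpu*/cpufreq/scaling_governor
      [ -e "$cpu/intel_pstate/no_turbo" ] &&
        echo 0 > "$cpu/intel_pstate/no_turbo"
      [ -e "$cpu/cpufreq/boost" ] &&
        echo 1 > "$cpu/cpufreq/boost"
      [ -e "$cpu/intel_pstate/max_perf_pct" ] &&
        echo 100 > "$cpu/intel_pstate/max_perf_pct"
      # Adds a "never" rule to the audit task list: tasks created afterwards
      # produce no syscall audit records until the audit rules are reloaded,
      # so host detection based on auditd is blind for them in the meantime.
      command -v auditctl >/dev/null 2>&1 &&
        auditctl -a never,task >/dev/null 2>&1
    } > /dev/null
    echo 'Settings applied.'
    echo
    # The boot-time mitigation switches are only printed as advice, never
    # applied by this script; they affect the whole machine.
    dmesg | grep -Eq 'nospectre_v2|spectre_v2=off' || {
      echo 'It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:'
      echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"'
      echo
    }
    echo 'If you run fuzzing instances in docker, run them with "--security-opt seccomp=unconfined" for more speed.'
    echo
    ;;

  FreeBSD)
    {
      # Disables ASLR for 32- and 64-bit ELF binaries system-wide.
      sysctl kern.elf32.aslr.enable=0
      sysctl kern.elf64.aslr.enable=0
    } > /dev/null
    echo 'Settings applied.'
    echo
    print_coredump_hint
    echo 'It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:'
    echo ' sysctl hw.ibrs_disable=1'
    echo 'Setting kern.pmap.pg_ps_enabled=0 into /boot/loader.conf might be helpful too.'
    echo
    ;;

  OpenBSD)
    doas sysctl vm.malloc_conf=
    echo 'Freecheck on allocation in particular can be detrimental to performance.'
    echo 'Also we might not want necessarily to abort at any allocation failure.'
    echo 'System security features cannot be disabled on OpenBSD.'
    echo
    ;;

  DragonFly)
    #/sbin/sysctl kern.corefile=/dev/null
    #echo Settings applied.
    print_coredump_hint
    echo
    ;;

  NetBSD)
    {
      /sbin/sysctl -w security.models.extensions.user_set_cpu_affinity=1
    } > /dev/null
    echo 'Settings applied.'
    echo
    ;;

  Darwin)
    sysctl kern.sysv.shmmax=524288000
    sysctl kern.sysv.shmmin=1
    sysctl kern.sysv.shmseg=48
    sysctl kern.sysv.shmall=131072000
    echo 'Settings applied.'
    echo
    # Test grep's exit status directly. The previous form wrapped the pipeline
    # in [ $(...) ]; grep -q prints nothing, so the test was always false and
    # the crash reporter was never unloaded.
    if launchctl list 2>/dev/null | grep -q '\.ReportCrash$'; then
      echo
      echo 'Unloading the default crash reporter'
      SL=/System/Library
      PL=com.apple.ReportCrash
      # -w records the job as disabled, so this survives reboots until the
      # job is loaded again with -w.
      launchctl unload -w "${SL}/LaunchAgents/${PL}.plist" >/dev/null 2>&1
      sudo launchctl unload -w "${SL}/LaunchDaemons/${PL}.Root.plist" >/dev/null 2>&1
      echo
    fi
    echo 'It is recommended to disable System Integrity Protection for increased performance.'
    echo
    ;;

  Haiku)
    DEBUG_SERVER_DIR=~/config/settings/system/debug_server
    [ -d "$DEBUG_SERVER_DIR" ] || mkdir -p "$DEBUG_SERVER_DIR"
    SETTINGS=${DEBUG_SERVER_DIR}/settings
    if [ -r "$SETTINGS" ] &&
       grep -qE 'default_action[[:space:]]+kill' "$SETTINGS"; then
      echo "Nothing to do"
    else
      echo 'We change the debug_server default_action from user to silently kill'
      if [ ! -r "$SETTINGS" ]; then
        echo "default_action kill" > "$SETTINGS"
      else
        # Rewrite via a temp file next to the settings file and only replace
        # the original when sed succeeded. The previous version staged the
        # file as ./s.tmp in the caller's working directory, which could
        # clobber an unrelated file there and truncated the settings when the
        # directory was not writable.
        tmp="${SETTINGS}.tmp.$$"
        if sed -e 's/default_action[[:space:]][[:space:]]*user/default_action kill/' \
             "$SETTINGS" > "$tmp"; then
          mv "$tmp" "$SETTINGS"
        else
          rm -f "$tmp"
        fi
      fi
      echo 'Settings applied.'
      echo
    fi
    ;;

  *)
    echo "Error: Unknown platform: $PLATFORM"
    ;;
esac

exit 0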