mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-08 16:21:32 +00:00
67 lines
2.9 KiB
Bash
Executable File
67 lines
2.9 KiB
Bash
Executable File
#!/bin/sh
|
|
test "$1" = "-h" && {
|
|
echo afl-system-config by Marc Heuse
|
|
echo
|
|
echo $0
|
|
echo
|
|
echo afl-system-config has no command line options
|
|
echo
|
|
echo afl-system reconfigures the system to a high performance fuzzing state
|
|
echo WARNING: this reduces the security of the system
|
|
echo
|
|
exit 1
|
|
}
|
|
|
|
PLATFORM=`uname -s`
|
|
echo This reconfigures the system to have a better fuzzing performance
|
|
if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then
|
|
echo Error you need to be root to run this
|
|
exit 1
|
|
fi
|
|
if [ "$PLATFORM" = "Linux" ] ; then
|
|
sysctl -w kernel.core_pattern=core
|
|
sysctl -w kernel.randomize_va_space=0
|
|
sysctl -w kernel.sched_child_runs_first=1
|
|
sysctl -w kernel.sched_autogroup_enabled=1
|
|
sysctl -w kernel.sched_migration_cost_ns=50000000
|
|
sysctl -w kernel.sched_latency_ns=250000000
|
|
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
|
test -e /sys/devices/system/cpu/cpufreq/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/scaling_governor
|
|
test -e /sys/devices/system/cpu/cpufreq/policy0/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/policy*/scaling_governor
|
|
test -e /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
|
|
test -e /sys/devices/system/cpu/intel_pstate/no_turbo && echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
|
|
test -e /sys/devices/system/cpu/cpufreq/boost && echo 1 > /sys/devices/system/cpu/cpufreq/boost
|
|
echo
|
|
echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
|
|
echo '/etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off"'
|
|
fi
|
|
if [ "$PLATFORM" = "FreeBSD" ] ; then
|
|
sysctl kern.elf32.aslr.enable=0
|
|
sysctl kern.elf64.aslr.enable=0
|
|
echo
|
|
echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
|
|
echo 'sysctl hw.ibrs_disable=1'
|
|
echo
|
|
echo 'Setting kern.pmap.pg_ps_enabled=0 into /boot/loader.conf might be helpful too.'
|
|
fi
|
|
if [ "$PLATFORM" = "OpenBSD" ] ; then
|
|
echo
|
|
echo 'System security features cannot be disabled on OpenBSD.'
|
|
fi
|
|
if [ "$PLATFORM" = "NetBSD" ] ; then
|
|
echo
|
|
echo It is recommended to enable unprivileged users to set cpu affinity
|
|
to be able to use afl-gotcpu meaningfully.
|
|
/sbin/sysctl -w security.models.extensions.user_set_cpu_affinity=1
|
|
fi
|
|
if [ "$PLATFORM" = "Darwin" ] ; then
|
|
if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then
|
|
echo We unload the default crash reporter here
|
|
SL=/System/Library; PL=com.apple.ReportCrash
|
|
launchctl unload -w ${SL}/LaunchAgents/${PL}.plist
|
|
sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist
|
|
fi
|
|
fi
|
|
echo
|
|
echo Also use AFL_TMPDIR to use a tmpfs for the input file
|