There are 52 sysctl variables with grsecurity, but 42 are used in grsec.conf (linux-grsec-base-0.1). To get the list:

cat /usr/src/linux-4.3.3/grsecurity/grsec_sysctl.c | grep "\.procname"

kernel.grsecurity.disable_priv_io
kernel.grsecurity.linking_restrictions
kernel.grsecurity.enforce_symlinksifowner
kernel.grsecurity.symlinkown_gid
kernel.grsecurity.deter_bruteforce
kernel.grsecurity.fifo_restrictions
kernel.grsecurity.ptrace_readexec
kernel.grsecurity.consistent_setxid
kernel.grsecurity.ip_blackhole
kernel.grsecurity.lastack_retries
kernel.grsecurity.exec_logging
kernel.grsecurity.rwxmap_logging
kernel.grsecurity.signal_logging
kernel.grsecurity.forkfail_logging
kernel.grsecurity.timechange_logging
kernel.grsecurity.chroot_deny_shmat
kernel.grsecurity.chroot_deny_unix
kernel.grsecurity.chroot_deny_mount
kernel.grsecurity.chroot_deny_fchdir
kernel.grsecurity.chroot_deny_chroot
kernel.grsecurity.chroot_deny_pivot
kernel.grsecurity.chroot_enforce_chdir
kernel.grsecurity.chroot_deny_chmod
kernel.grsecurity.chroot_deny_mknod
kernel.grsecurity.chroot_restrict_nice
kernel.grsecurity.chroot_execlog
kernel.grsecurity.chroot_caps
kernel.grsecurity.chroot_deny_bad_rename
kernel.grsecurity.chroot_deny_sysctl
kernel.grsecurity.tpe
kernel.grsecurity.tpe_gid
kernel.grsecurity.tpe_invert
kernel.grsecurity.tpe_restrict_all
kernel.grsecurity.socket_all
kernel.grsecurity.socket_all_gid
kernel.grsecurity.socket_client
kernel.grsecurity.socket_client_gid
kernel.grsecurity.socket_server
kernel.grsecurity.socket_server_gid
kernel.grsecurity.audit_group
kernel.grsecurity.audit_gid
kernel.grsecurity.audit_chdir
kernel.grsecurity.audit_mount
kernel.grsecurity.dmesg
kernel.grsecurity.chroot_findtask
kernel.grsecurity.resource_logging
kernel.grsecurity.audit_ptrace
kernel.grsecurity.harden_ptrace
kernel.grsecurity.harden_ipc
kernel.grsecurity.grsec_lock
kernel.grsecurity.romount_protect
kernel.grsecurity.deny_new_usb

"kernel.pax.softmode" is not listed there.

--
Best regards,
HacKurx (Loic)
blog.opensec.fr
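
Added example, not part of the original message or of linux-grsec-base: a shell sketch that extends the grep above to report which grsecurity sysctls a config file leaves unset, and which keys in the config match no `.procname` entry (typos or stale names). The function names and sample data are constructed for illustration; it assumes every `.procname` entry in the source file is a leaf under `kernel.grsecurity`.

```shell
# Added example: compare sysctls defined in grsec_sysctl.c with those a config sets.
# Assumption: every .procname entry is a leaf under kernel.grsecurity.

# Names declared as .procname = "name" in the kernel source file $1.
grsec_defined() {
    sed -n 's/^[[:space:]]*\.procname[[:space:]]*=[[:space:]]*"\([^"]*\)".*/kernel.grsecurity.\1/p' "$1" |
        LC_ALL=C sort -u
}

# kernel.grsecurity.* keys assigned in sysctl-style file $1 (commented lines never match).
grsec_configured() {
    sed -n 's/^[[:space:]]*\(kernel\.grsecurity\.[A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# grsec_diff MODE SRC CONF: MODE "unset"   = defined in SRC but not set in CONF,
#                           MODE "unknown" = set in CONF but not defined in SRC.
grsec_diff() {
    case $1 in
        unset)   flag=-23 ;;
        unknown) flag=-13 ;;
        *) echo "usage: grsec_diff unset|unknown SRC CONF" >&2; return 2 ;;
    esac
    d=$(mktemp) && c=$(mktemp) || return 1
    grsec_defined "$2" > "$d"
    grsec_configured "$3" > "$c"
    LC_ALL=C comm "$flag" "$d" "$c"
    rm -f "$d" "$c"
}

# Constructed sample input (not the real files), written into directory $1.
grsec_sample() {
    cat > "$1/grsec_sysctl.c" <<'EOF'
        .procname       = "deny_new_usb",
        .procname       = "harden_ipc",
        .procname       = "grsec_lock",
EOF
    cat > "$1/grsec.conf" <<'EOF'
# constructed sample: one key commented out, one misspelled
kernel.grsecurity.harden_ipc = 1
#kernel.grsecurity.deny_new_usb = 0
kernel.grsecurity.harden_icp = 1
kernel.grsecurity.grsec_lock=0
EOF
}

# Command-line use: sh script.sh unset|unknown SRC CONF
if [ "$#" -eq 3 ]; then grsec_diff "$1" "$2" "$3"; fi
```

Because this only reads `grsec_sysctl.c`, names under `kernel.pax` are outside its scope.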