Commit | Line | Data |
---|---|---|
7383e370 | 1 | # |
2 | # PaX | |
3 | # | |
4 | CONFIG_PAX=y | |
5 | ||
6 | # | |
7 | # PaX Control | |
8 | # | |
 | # NOTE(review): SOFTMODE compiles in PaX soft mode, in which protections apply only to | |
 | # explicitly marked binaries instead of to everything by default. As far as I recall it is | |
 | # switched on at boot (pax_softmode=1) or via the PaX sysctl; confirm production leaves it off. | |
9 | CONFIG_PAX_SOFTMODE=y | |
 | # Per-binary markings are read from the PT_PAX_FLAGS ELF program header; the legacy EI_PAX | |
 | # header marking is disabled in this config. | |
10 | # CONFIG_PAX_EI_PAX is not set | |
11 | CONFIG_PAX_PT_PAX_FLAGS=y | |
 | # NOTE(review): HAVE_ACL_FLAGS presumably selects the "direct" MAC integration, i.e. the RBAC | |
 | # policy may also set PaX flags; verify which source wins when both mark a binary. | |
12 | # CONFIG_PAX_NO_ACL_FLAGS is not set | |
13 | CONFIG_PAX_HAVE_ACL_FLAGS=y | |
14 | # CONFIG_PAX_HOOK_ACL_FLAGS is not set | |
15 | ||
16 | # | |
17 | # Non-executable pages | |
18 | # | |
 | # Both NOEXEC implementations are built; SEGMEXEC is the default when a binary allows both. | |
 | # NOTE(review): SEGMEXEC is the segmentation-based x86 method and, as far as I recall, halves | |
 | # the usable user address space; confirm that is acceptable for large-memory workloads. | |
19 | CONFIG_PAX_NOEXEC=y | |
20 | CONFIG_PAX_PAGEEXEC=y | |
21 | CONFIG_PAX_SEGMEXEC=y | |
22 | # CONFIG_PAX_DEFAULT_PAGEEXEC is not set | |
23 | CONFIG_PAX_DEFAULT_SEGMEXEC=y | |
 | # EMUTRAMP is a deliberate exception to NOEXEC for code that relies on trampolines; | |
 | # keep it enabled only on the binaries that actually need it. | |
24 | CONFIG_PAX_EMUTRAMP=y | |
25 | CONFIG_PAX_MPROTECT=y | |
 | # NOELFRELOCS is off, so ELF text relocations are still permitted under MPROTECT. | |
26 | # CONFIG_PAX_NOELFRELOCS is not set | |
27 | ||
28 | # | |
29 | # Address Space Layout Randomization | |
30 | # | |
 | # User stack and mmap bases are randomized; kernel stack randomization (RANDKSTACK) is | |
 | # not enabled in this config. | |
31 | CONFIG_PAX_ASLR=y | |
32 | # CONFIG_PAX_RANDKSTACK is not set | |
33 | CONFIG_PAX_RANDUSTACK=y | |
34 | CONFIG_PAX_RANDMMAP=y | |
 | # NOTE(review): NOVSYSCALL presumably removes the fixed-address vsyscall page so it cannot | |
 | # serve as a known code location; confirm userland on this system does not depend on it. | |
35 | CONFIG_PAX_NOVSYSCALL=y | |
36 | ||
37 | # | |
38 | # Grsecurity | |
39 | # | |
 | # CUSTOM is selected and the LOW/MEDIUM/HIGH presets are off, so no preset bundle is implied: | |
 | # only the options set explicitly in the sections below are in effect. | |
40 | CONFIG_GRKERNSEC=y | |
41 | # CONFIG_GRKERNSEC_LOW is not set | |
42 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
43 | # CONFIG_GRKERNSEC_HIGH is not set | |
44 | CONFIG_GRKERNSEC_CUSTOM=y | |
45 | ||
46 | # | |
47 | # Address Space Protection | |
48 | # | |
 | # NOTE(review): KMEM restricts writes through /dev/kmem and /dev/mem, but GRKERNSEC_IO is off, | |
 | # so privileged I/O port access (ioperm/iopl) presumably remains available; confirm that is | |
 | # intentional (it was commonly left off for X servers). | |
49 | CONFIG_GRKERNSEC_KMEM=y | |
50 | # CONFIG_GRKERNSEC_IO is not set | |
51 | CONFIG_GRKERNSEC_PROC_MEMMAP=y | |
52 | CONFIG_GRKERNSEC_BRUTE=y | |
 | # NOTE(review): MODSTOP only provides a runtime switch for disabling module loading; it | |
 | # protects nothing until that switch is actually set after boot. | |
53 | CONFIG_GRKERNSEC_MODSTOP=y | |
 | # HIDESYM is off, so kernel symbol information is not hidden from unprivileged users. | |
54 | # CONFIG_GRKERNSEC_HIDESYM is not set | |
55 | ||
56 | # | |
57 | # Role Based Access Control Options | |
58 | # | |
59 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y | |
 | # NOTE(review): MAXTRIES/TIMEOUT presumably throttle RBAC authentication: after 3 failed | |
 | # attempts further attempts are refused for 30 seconds. Confirm the units against the help text. | |
60 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
61 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
62 | ||
63 | # | |
64 | # Filesystem Protections | |
65 | # | |
 | # /proc restrictions use the "user and group" variant: GID 17 is the group exempted from them. | |
 | # NOTE(review): GID 17 is system-specific; verify which group it maps to on the target and | |
 | # that only accounts that must see other users' processes belong to it. | |
66 | CONFIG_GRKERNSEC_PROC=y | |
67 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
68 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
69 | CONFIG_GRKERNSEC_PROC_GID=17 | |
70 | CONFIG_GRKERNSEC_PROC_ADD=y | |
71 | CONFIG_GRKERNSEC_LINK=y | |
72 | CONFIG_GRKERNSEC_FIFO=y | |
 | # Every CHROOT_* restriction listed here is enabled. These harden chroot() against escapes by | |
 | # privileged processes inside the jail; daemons that legitimately mount, mknod or chmod inside | |
 | # a chroot need testing against them. | |
73 | CONFIG_GRKERNSEC_CHROOT=y | |
74 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
75 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
76 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
77 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
78 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
79 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
80 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
81 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
82 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
83 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
84 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
85 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
86 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
87 | ||
88 | # | |
89 | # Kernel Auditing | |
90 | # | |
 | # NOTE(review): with AUDIT_GROUP set, the exec/chdir/mount/ipc audit logging below is | |
 | # presumably limited to members of GID 1007, so activity by accounts outside that group is | |
 | # not recorded. Verify the group membership matches the accounts you need to audit. | |
91 | CONFIG_GRKERNSEC_AUDIT_GROUP=y | |
92 | CONFIG_GRKERNSEC_AUDIT_GID=1007 | |
93 | CONFIG_GRKERNSEC_EXECLOG=y | |
94 | CONFIG_GRKERNSEC_RESLOG=y | |
95 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y | |
96 | CONFIG_GRKERNSEC_AUDIT_CHDIR=y | |
97 | CONFIG_GRKERNSEC_AUDIT_MOUNT=y | |
98 | CONFIG_GRKERNSEC_AUDIT_IPC=y | |
99 | CONFIG_GRKERNSEC_SIGNAL=y | |
100 | CONFIG_GRKERNSEC_FORKFAIL=y | |
101 | CONFIG_GRKERNSEC_TIME=y | |
102 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
 | # Text-relocation auditing is off. | |
103 | # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set | |
104 | ||
105 | # | |
106 | # Executable Protections | |
107 | # | |
108 | CONFIG_GRKERNSEC_EXECVE=y | |
109 | CONFIG_GRKERNSEC_SHM=y | |
110 | CONFIG_GRKERNSEC_DMESG=y | |
111 | CONFIG_GRKERNSEC_RANDPID=y | |
 | # Trusted Path Execution with TPE_INVERT off: GID 65500 names the untrusted group, and | |
 | # TPE_ALL extends a partial restriction to the remaining non-root users. | |
 | # NOTE(review): confirm GID 65500 exists on the target and holds the intended accounts; | |
 | # a GID that matches no group leaves the strict TPE rule applying to nobody. | |
112 | CONFIG_GRKERNSEC_TPE=y | |
113 | CONFIG_GRKERNSEC_TPE_ALL=y | |
114 | # CONFIG_GRKERNSEC_TPE_INVERT is not set | |
115 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
116 | ||
117 | # | |
118 | # Network Protections | |
119 | # | |
120 | CONFIG_GRKERNSEC_RANDNET=y | |
 | # Socket restrictions are keyed on group membership: one GID each for "all sockets", | |
 | # "client sockets" and "server sockets". | |
 | # NOTE(review): these deny rules presumably affect only members of GIDs 65501-65503; check | |
 | # that the groups exist on the target and do not collide with groups used for other purposes. | |
121 | CONFIG_GRKERNSEC_SOCKET=y | |
122 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
123 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
124 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
125 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
126 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
127 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
128 | ||
129 | # | |
130 | # Sysctl support | |
131 | # | |
 | # NOTE(review): sysctl control is on while SYSCTL_ON is off. As I recall the grsecurity help | |
 | # text, that means the grsecurity features enabled in this config start disabled at boot and | |
 | # stay root-writable under /proc/sys/kernel/grsecurity until grsec_lock is set. Boot scripts | |
 | # must enable each wanted feature and then set grsec_lock; verify this on the running system. | |
132 | CONFIG_GRKERNSEC_SYSCTL=y | |
133 | # CONFIG_GRKERNSEC_SYSCTL_ON is not set | |
134 | ||
135 | # | |
136 | # Logging Options | |
137 | # | |
 | # NOTE(review): these presumably rate-limit grsecurity log output (10-second window, bursts | |
 | # of 10 messages). Messages over the limit are suppressed, so log-based detection should | |
 | # expect gaps during noisy periods. | |
138 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
139 | CONFIG_GRKERNSEC_FLOODBURST=10 | |
140 | ||
141 | # | |
142 | # Some Netfilter stuff | |
143 | # | |
 | # The stealth match is built as a loadable module (=m), not into the kernel image. | |
 | # NOTE(review): CONFIG_GRKERNSEC_MODSTOP is also enabled in this file; if module loading is | |
 | # disabled at runtime, this module has to be loaded before that switch is set. | |
144 | CONFIG_IP_NF_MATCH_STEALTH=m | |
145 |