]>
Commit | Line | Data |
---|---|---|
73f3171f | 1 | # |
bde18770 | 2 | # Grsecurity |
73f3171f | 3 | # |
4 | CONFIG_GRKERNSEC=y | |
ef6d8411 JR |
5 | |
6 | # | |
7 | # Buffer Overflow Protection | |
8 | # | |
73f3171f | 9 | CONFIG_GRKERNSEC_STACK=y |
10 | CONFIG_GRKERNSEC_STACK_GCC=y | |
dc549130 | 11 | # CONFIG_GRKERNSEC_PAX_RANDMMAP is not set |
ef6d8411 | 12 | |
63303e4e JR |
13 | # |
14 | # Access Control Lists | |
15 | # | |
16 | # CONFIG_OBV_PROC is not set | |
29b2a69e | 17 | # CONFIG_GRKERNSEC_ACL is not set |
ef6d8411 JR |
18 | # |
19 | # Filesystem Protections | |
20 | # | |
73f3171f | 21 | CONFIG_GRKERNSEC_PROC=y |
ef6d8411 JR |
22 | # CONFIG_GRKERNSEC_PROC_USER is not set |
23 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
24 | CONFIG_GRKERNSEC_PROC_GID=17 | |
73f3171f | 25 | CONFIG_GRKERNSEC_LINK=y |
26 | CONFIG_GRKERNSEC_FIFO=y | |
27 | CONFIG_GRKERNSEC_FD=y | |
ef6d8411 | 28 | CONFIG_GRKERNSEC_CHROOT=y |
29b2a69e | 29 | CONFIG_GRKERNSEC_CHROOT_SIG=y |
30 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
31 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
32 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
33 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
34 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
35 | CONFIG_GRKERNSEC_CHROOT_PTRACE=y | |
36 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
63303e4e JR |
37 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
38 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
39 | CONFIG_GRKERNSEC_KBMAP=y | |
ef6d8411 JR |
40 | |
41 | # | |
42 | # Security Logging | |
43 | # | |
50b1e2b6 | 44 | CONFIG_GRKERNSEC_EXECLOG=y |
63303e4e | 45 | CONFIG_GRKERNSEC_SUID=y |
73f3171f | 46 | CONFIG_GRKERNSEC_SIGNAL=y |
63303e4e | 47 | CONFIG_GRKERNSEC_FORKFAIL=y |
73f3171f | 48 | CONFIG_GRKERNSEC_TIME=y |
ef6d8411 JR |
49 | |
50 | # | |
51 | # Executable Protections | |
52 | # | |
53 | CONFIG_GRKERNSEC_EXECVE=y | |
bde18770 | 54 | CONFIG_GRKERNSEC_RANDPID=y |
29b2a69e | 55 | CONFIG_GRKERNSEC_IPC=y |
56 | CONFIG_GRKERNSEC_TTYROOT=y | |
57 | CONFIG_GRKERNSEC_TTYROOT_PHYS=y | |
58 | CONFIG_GRKERNSEC_TTYROOT_SERIAL=y | |
59 | CONFIG_GRKERNSEC_TTYROOT_PSEUDO=y | |
63303e4e JR |
60 | CONFIG_GRKERNSEC_FORKBOMB=y |
61 | CONFIG_GRKERNSEC_FORKBOMB_GID=65504 | |
62 | CONFIG_GRKERNSEC_FORKBOMB_SEC=40 | |
63 | CONFIG_GRKERNSEC_FORKBOMB_MAX=20 | |
64 | CONFIG_GRKERNSEC_TPE=y | |
65 | CONFIG_GRKERNSEC_TPE_GLIBC=y | |
66 | CONFIG_GRKERNSEC_TPE_ALL=y | |
67 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
ef6d8411 JR |
68 | |
69 | # | |
70 | # Network Protections | |
71 | # | |
63303e4e JR |
72 | CONFIG_GRKERNSEC_RANDID=y |
73 | CONFIG_GRKERNSEC_RANDSRC=y | |
74 | CONFIG_GRKERNSEC_RANDPING=y | |
75 | CONFIG_GRKERNSEC_RANDTTL=y | |
76 | CONFIG_GRKERNSEC_RANDTTL_THRESH=64 | |
73f3171f | 77 | CONFIG_GRKERNSEC_RANDNET=y |
78 | CONFIG_GRKERNSEC_SOCKET=y | |
79 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
37897915 | 80 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004 |
ef6d8411 | 81 | CONFIG_GRKERNSEC_ALL_GID=65501 |
73f3171f | 82 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y |
37897915 | 83 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003 |
ef6d8411 | 84 | CONFIG_GRKERNSEC_CLIENT_GID=65502 |
73f3171f | 85 | CONFIG_GRKERNSEC_SOCKET_SERVER=y |
37897915 | 86 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002 |
ef6d8411 | 87 | CONFIG_GRKERNSEC_SERVER_GID=65503 |
05de8a04 | 88 | CONFIG_GRKERNSEC_PTRACE=y |
89 | CONFIG_GRKERNSEC_PTRACE_GROUP=y | |
90 | CONFIG_GRKERNSEC_PTRACE_GID=1008 | |
63303e4e JR |
91 | CONFIG_GRKERNSEC_STEALTH=y |
92 | CONFIG_GRKERNSEC_STEALTH_RST=y | |
93 | CONFIG_GRKERNSEC_STEALTH_UDP=y | |
94 | CONFIG_GRKERNSEC_STEALTH_ICMP=y | |
95 | CONFIG_GRKERNSEC_STEALTH_IGMP=y | |
96 | CONFIG_GRKERNSEC_STEALTH_FLAGS=y | |
97 | ||
05de8a04 | 98 | # |
99 | # Network Logging | |
100 | # | |
101 | CONFIG_GRKERNSEC_STEALTH_ICMP_LOG=y | |
102 | CONFIG_GRKERNSEC_STEALTH_RST_LOG=y | |
103 | CONFIG_GRKERNSEC_STEALTH_UDP_LOG=y | |
104 | CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG=y | |
105 | ||
63303e4e JR |
106 | # |
107 | # Sysctl support | |
108 | # | |
109 | CONFIG_GRKERNSEC_SYSCTL=y | |
ef6d8411 JR |
110 | |
111 | # | |
112 | # Miscellaneous Enhancements | |
113 | # | |
63303e4e | 114 | CONFIG_GRKERNSEC_COREDUMP=y |