]> git.pld-linux.org Git - packages/kernel.git/blame - kernel-grsec.config
projects / packages / kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
9cdd694a797623b3d0f76ee69304dd85 linux-loop-hvr-2.4.16.0.patch
[packages/kernel.git] / kernel-grsec.config
CommitLineData
73f3171f 1#
bde18770 2# Grsecurity
73f3171f 3#
4CONFIG_GRKERNSEC=y
ef6d8411
JR		 5
6#
7# Buffer Overflow Protection
8#
73f3171f 9CONFIG_GRKERNSEC_STACK=y
10CONFIG_GRKERNSEC_STACK_GCC=y
dc549130 11# CONFIG_GRKERNSEC_PAX_RANDMMAP is not set
ef6d8411 12
63303e4e
JR		 13#
14# Access Control Lists
15#
16# CONFIG_OBV_PROC is not set
29b2a69e 17# CONFIG_GRKERNSEC_ACL is not set
ef6d8411
JR		 18#
19# Filesystem Protections
20#
73f3171f 21CONFIG_GRKERNSEC_PROC=y
ef6d8411
JR		 22# CONFIG_GRKERNSEC_PROC_USER is not set
23CONFIG_GRKERNSEC_PROC_USERGROUP=y
24CONFIG_GRKERNSEC_PROC_GID=17
73f3171f 25CONFIG_GRKERNSEC_LINK=y
26CONFIG_GRKERNSEC_FIFO=y
27CONFIG_GRKERNSEC_FD=y
ef6d8411 28CONFIG_GRKERNSEC_CHROOT=y
29b2a69e 29CONFIG_GRKERNSEC_CHROOT_SIG=y
30CONFIG_GRKERNSEC_CHROOT_MOUNT=y
31CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
32CONFIG_GRKERNSEC_CHROOT_CHDIR=y
33CONFIG_GRKERNSEC_CHROOT_CHMOD=y
34CONFIG_GRKERNSEC_CHROOT_MKNOD=y
35CONFIG_GRKERNSEC_CHROOT_PTRACE=y
36CONFIG_GRKERNSEC_CHROOT_NICE=y
63303e4e
JR		 37CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
38CONFIG_GRKERNSEC_CHROOT_CAPS=y
39CONFIG_GRKERNSEC_KBMAP=y
ef6d8411
JR		 40
41#
42# Security Logging
43#
50b1e2b6 44CONFIG_GRKERNSEC_EXECLOG=y
63303e4e 45CONFIG_GRKERNSEC_SUID=y
73f3171f 46CONFIG_GRKERNSEC_SIGNAL=y
63303e4e 47CONFIG_GRKERNSEC_FORKFAIL=y
73f3171f 48CONFIG_GRKERNSEC_TIME=y
ef6d8411
JR		 49
50#
51# Executable Protections
52#
53CONFIG_GRKERNSEC_EXECVE=y
bde18770 54CONFIG_GRKERNSEC_RANDPID=y
29b2a69e 55CONFIG_GRKERNSEC_IPC=y
56CONFIG_GRKERNSEC_TTYROOT=y
57CONFIG_GRKERNSEC_TTYROOT_PHYS=y
58CONFIG_GRKERNSEC_TTYROOT_SERIAL=y
59CONFIG_GRKERNSEC_TTYROOT_PSEUDO=y
63303e4e
JR		 60CONFIG_GRKERNSEC_FORKBOMB=y
61CONFIG_GRKERNSEC_FORKBOMB_GID=65504
62CONFIG_GRKERNSEC_FORKBOMB_SEC=40
63CONFIG_GRKERNSEC_FORKBOMB_MAX=20
64CONFIG_GRKERNSEC_TPE=y
65CONFIG_GRKERNSEC_TPE_GLIBC=y
66CONFIG_GRKERNSEC_TPE_ALL=y
67CONFIG_GRKERNSEC_TPE_GID=65500
ef6d8411
JR		 68
69#
70# Network Protections
71#
63303e4e
JR		 72CONFIG_GRKERNSEC_RANDID=y
73CONFIG_GRKERNSEC_RANDSRC=y
74CONFIG_GRKERNSEC_RANDPING=y
75CONFIG_GRKERNSEC_RANDTTL=y
76CONFIG_GRKERNSEC_RANDTTL_THRESH=64
73f3171f 77CONFIG_GRKERNSEC_RANDNET=y
78CONFIG_GRKERNSEC_SOCKET=y
79CONFIG_GRKERNSEC_SOCKET_ALL=y
37897915 80CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
ef6d8411 81CONFIG_GRKERNSEC_ALL_GID=65501
73f3171f 82CONFIG_GRKERNSEC_SOCKET_CLIENT=y
37897915 83CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
ef6d8411 84CONFIG_GRKERNSEC_CLIENT_GID=65502
73f3171f 85CONFIG_GRKERNSEC_SOCKET_SERVER=y
37897915 86CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
ef6d8411 87CONFIG_GRKERNSEC_SERVER_GID=65503
05de8a04 88CONFIG_GRKERNSEC_PTRACE=y
89CONFIG_GRKERNSEC_PTRACE_GROUP=y
90CONFIG_GRKERNSEC_PTRACE_GID=1008
63303e4e
JR		 91CONFIG_GRKERNSEC_STEALTH=y
92CONFIG_GRKERNSEC_STEALTH_RST=y
93CONFIG_GRKERNSEC_STEALTH_UDP=y
94CONFIG_GRKERNSEC_STEALTH_ICMP=y
95CONFIG_GRKERNSEC_STEALTH_IGMP=y
96CONFIG_GRKERNSEC_STEALTH_FLAGS=y
97
05de8a04 98#
99# Network Logging
100#
101CONFIG_GRKERNSEC_STEALTH_ICMP_LOG=y
102CONFIG_GRKERNSEC_STEALTH_RST_LOG=y
103CONFIG_GRKERNSEC_STEALTH_UDP_LOG=y
104CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG=y
105
63303e4e
JR		 106#
107# Sysctl support
108#
109CONFIG_GRKERNSEC_SYSCTL=y
ef6d8411
JR		 110
111#
112# Miscellaneous Enhancements
113#
63303e4e 114CONFIG_GRKERNSEC_COREDUMP=y
The Linux kernel (the core of the Linux operating system)
This page took 0.05027 seconds and 4 git commands to generate.