[packages/kernel.git] / kernel-grsec.config

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
# CONFIG_GRKERNSEC_HIDESYM is not set

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=17
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=1007
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=65500

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503

#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set

#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=10

#
# PaX
#
# CONFIG_PAX is not set

CONFIG_IP_NF_MATCH_STEALTH=m
Commit	Line	Data
c6410bf7	1	#
	2	# Grsecurity
	3	#
	4	CONFIG_GRKERNSEC=y
	5	# CONFIG_GRKERNSEC_LOW is not set
	6	# CONFIG_GRKERNSEC_MEDIUM is not set
	7	# CONFIG_GRKERNSEC_HIGH is not set
	8	CONFIG_GRKERNSEC_CUSTOM=y
	9
	10	#
	11	# Address Space Protection
	12	#
	13	# CONFIG_GRKERNSEC_KMEM is not set
	14	# CONFIG_GRKERNSEC_IO is not set
	15	CONFIG_GRKERNSEC_BRUTE=y
	16	CONFIG_GRKERNSEC_MODSTOP=y
	17	# CONFIG_GRKERNSEC_HIDESYM is not set
	18
	19	#
	20	# Role Based Access Control Options
	21	#
	22	CONFIG_GRKERNSEC_ACL_HIDEKERN=y
	23	CONFIG_GRKERNSEC_ACL_MAXTRIES=3
	24	CONFIG_GRKERNSEC_ACL_TIMEOUT=30
	25
	26	#
	27	# Filesystem Protections
	28	#
	29	CONFIG_GRKERNSEC_PROC=y
	30	# CONFIG_GRKERNSEC_PROC_USER is not set
	31	CONFIG_GRKERNSEC_PROC_USERGROUP=y
	32	CONFIG_GRKERNSEC_PROC_GID=17
	33	CONFIG_GRKERNSEC_PROC_ADD=y
	34	CONFIG_GRKERNSEC_LINK=y
	35	CONFIG_GRKERNSEC_FIFO=y
	36	CONFIG_GRKERNSEC_CHROOT=y
	37	CONFIG_GRKERNSEC_CHROOT_MOUNT=y
	38	CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
	39	CONFIG_GRKERNSEC_CHROOT_PIVOT=y
	40	CONFIG_GRKERNSEC_CHROOT_CHDIR=y
	41	CONFIG_GRKERNSEC_CHROOT_CHMOD=y
	42	CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
	43	CONFIG_GRKERNSEC_CHROOT_MKNOD=y
	44	CONFIG_GRKERNSEC_CHROOT_SHMAT=y
	45	CONFIG_GRKERNSEC_CHROOT_UNIX=y
	46	CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
	47	CONFIG_GRKERNSEC_CHROOT_NICE=y
	48	CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
	49	CONFIG_GRKERNSEC_CHROOT_CAPS=y
	50
	51	#
	52	# Kernel Auditing
	53	#
	54	CONFIG_GRKERNSEC_AUDIT_GROUP=y
	55	CONFIG_GRKERNSEC_AUDIT_GID=1007
	56	CONFIG_GRKERNSEC_EXECLOG=y
	57	CONFIG_GRKERNSEC_RESLOG=y
	58	CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
	59	CONFIG_GRKERNSEC_AUDIT_CHDIR=y
	60	CONFIG_GRKERNSEC_AUDIT_MOUNT=y
	61	CONFIG_GRKERNSEC_AUDIT_IPC=y
	62	CONFIG_GRKERNSEC_SIGNAL=y
	63	CONFIG_GRKERNSEC_FORKFAIL=y
	64	CONFIG_GRKERNSEC_TIME=y
65	CONFIG_GRKERNSEC_PROC_IPADDR=y
66	# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
67
68	#
69	# Executable Protections
70	#
71	CONFIG_GRKERNSEC_EXECVE=y
72	CONFIG_GRKERNSEC_SHM=y
73	CONFIG_GRKERNSEC_DMESG=y
74	CONFIG_GRKERNSEC_RANDPID=y
75	CONFIG_GRKERNSEC_TPE=y
76	CONFIG_GRKERNSEC_TPE_ALL=y
77	# CONFIG_GRKERNSEC_TPE_INVERT is not set
78	CONFIG_GRKERNSEC_TPE_GID=65500
79
80	#
81	# Network Protections
82	#
83	CONFIG_GRKERNSEC_RANDNET=y
84	CONFIG_GRKERNSEC_SOCKET=y
85	CONFIG_GRKERNSEC_SOCKET_ALL=y
86	CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
87	CONFIG_GRKERNSEC_SOCKET_CLIENT=y
88	CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
89	CONFIG_GRKERNSEC_SOCKET_SERVER=y
90	CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503
91
92	#
93	# Sysctl support
94	#
95	CONFIG_GRKERNSEC_SYSCTL=y
96	# CONFIG_GRKERNSEC_SYSCTL_ON is not set
97
98	#
99	# Logging Options
100	#
101	CONFIG_GRKERNSEC_FLOODTIME=10
102	CONFIG_GRKERNSEC_FLOODBURST=10
103
104	#
105	# PaX
106	#
107	# CONFIG_PAX is not set
108
109	CONFIG_IP_NF_MATCH_STEALTH=m