[packages/kernel.git] / kernel-grsec.config

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
# CONFIG_GRKERNSEC_HIDESYM is not set

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=17
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=1007
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=65500

#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503

#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set

#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=10

CONFIG_IP_NF_MATCH_STEALTH=m
Commit	Line	Data
7f651772	1	#
	2	# Grsecurity
	3	#
	4	CONFIG_GRKERNSEC=y
	5	# CONFIG_GRKERNSEC_LOW is not set
	6	# CONFIG_GRKERNSEC_MEDIUM is not set
	7	# CONFIG_GRKERNSEC_HIGH is not set
	8	CONFIG_GRKERNSEC_CUSTOM=y
	9
	10	#
	11	# Address Space Protection
	12	#
	13	# CONFIG_GRKERNSEC_KMEM is not set
	14	# CONFIG_GRKERNSEC_IO is not set
	15	# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
	16	CONFIG_GRKERNSEC_BRUTE=y
	17	CONFIG_GRKERNSEC_MODSTOP=y
	18	# CONFIG_GRKERNSEC_HIDESYM is not set
	19
	20	#
	21	# Role Based Access Control Options
	22	#
	23	CONFIG_GRKERNSEC_ACL_HIDEKERN=y
	24	CONFIG_GRKERNSEC_ACL_MAXTRIES=3
	25	CONFIG_GRKERNSEC_ACL_TIMEOUT=30
	26
	27	#
	28	# Filesystem Protections
	29	#
	30	CONFIG_GRKERNSEC_PROC=y
	31	# CONFIG_GRKERNSEC_PROC_USER is not set
	32	CONFIG_GRKERNSEC_PROC_USERGROUP=y
	33	CONFIG_GRKERNSEC_PROC_GID=17
	34	CONFIG_GRKERNSEC_PROC_ADD=y
	35	CONFIG_GRKERNSEC_LINK=y
	36	CONFIG_GRKERNSEC_FIFO=y
	37	CONFIG_GRKERNSEC_CHROOT=y
	38	CONFIG_GRKERNSEC_CHROOT_MOUNT=y
	39	CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
	40	CONFIG_GRKERNSEC_CHROOT_PIVOT=y
	41	CONFIG_GRKERNSEC_CHROOT_CHDIR=y
	42	CONFIG_GRKERNSEC_CHROOT_CHMOD=y
	43	CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
	44	CONFIG_GRKERNSEC_CHROOT_MKNOD=y
	45	CONFIG_GRKERNSEC_CHROOT_SHMAT=y
	46	CONFIG_GRKERNSEC_CHROOT_UNIX=y
	47	CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
	48	CONFIG_GRKERNSEC_CHROOT_NICE=y
	49	CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
	50	CONFIG_GRKERNSEC_CHROOT_CAPS=y
	51
	52	#
	53	# Kernel Auditing
	54	#
	55	CONFIG_GRKERNSEC_AUDIT_GROUP=y
	56	CONFIG_GRKERNSEC_AUDIT_GID=1007
	57	CONFIG_GRKERNSEC_EXECLOG=y
	58	CONFIG_GRKERNSEC_RESLOG=y
	59	CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
	60	CONFIG_GRKERNSEC_AUDIT_CHDIR=y
	61	CONFIG_GRKERNSEC_AUDIT_MOUNT=y
	62	CONFIG_GRKERNSEC_AUDIT_IPC=y
	63	CONFIG_GRKERNSEC_SIGNAL=y
	64	CONFIG_GRKERNSEC_FORKFAIL=y
65	CONFIG_GRKERNSEC_TIME=y
66	CONFIG_GRKERNSEC_PROC_IPADDR=y
67	# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
68
69	#
70	# Executable Protections
71	#
72	CONFIG_GRKERNSEC_EXECVE=y
73	CONFIG_GRKERNSEC_SHM=y
74	CONFIG_GRKERNSEC_DMESG=y
75	CONFIG_GRKERNSEC_TPE=y
76	CONFIG_GRKERNSEC_TPE_ALL=y
77	# CONFIG_GRKERNSEC_TPE_INVERT is not set
78	CONFIG_GRKERNSEC_TPE_GID=65500
79
80	#
81	# Network Protections
82	#
83	CONFIG_GRKERNSEC_RANDNET=y
84	CONFIG_GRKERNSEC_SOCKET=y
85	CONFIG_GRKERNSEC_SOCKET_ALL=y
86	CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
87	CONFIG_GRKERNSEC_SOCKET_CLIENT=y
88	CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
89	CONFIG_GRKERNSEC_SOCKET_SERVER=y
90	CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503
91
92	#
93	# Sysctl support
94	#
95	CONFIG_GRKERNSEC_SYSCTL=y
96	# CONFIG_GRKERNSEC_SYSCTL_ON is not set
97
98	#
99	# Logging Options
100	#
101	CONFIG_GRKERNSEC_FLOODTIME=10
102	CONFIG_GRKERNSEC_FLOODBURST=10
103
104	CONFIG_IP_NF_MATCH_STEALTH=m