Commit | Line | Data |
---|---|---|
7f651772 | 1 | # |
2 | # Grsecurity | |
3 | # | |
 | # Grsecurity is built in with a hand-picked ("custom") option set: none of the | |
 | # preset LOW/MEDIUM/HIGH levels is selected, so the only protections compiled | |
 | # in are the ones this file enables explicitly below. | |
4 | CONFIG_GRKERNSEC=y | |
5 | # CONFIG_GRKERNSEC_LOW is not set | |
6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
7 | # CONFIG_GRKERNSEC_HIGH is not set | |
8 | CONFIG_GRKERNSEC_CUSTOM=y | |
9 | ||
10 | # | |
11 | # Address Space Protection | |
12 | # | |
 | # Only BRUTE and MODSTOP are enabled in this section; KMEM, IO, PROC_MEMMAP | |
 | # and HIDESYM are all left off. | |
 | # NOTE(review): per grsecurity's option help, KMEM restricts writes through | |
 | # /dev/mem and /dev/kmem and IO restricts ioperm/iopl; with both unset those | |
 | # restrictions are not compiled in. Confirm this is intentional (it is often | |
 | # done for X servers or tools that need raw I/O) rather than an oversight. | |
13 | # CONFIG_GRKERNSEC_KMEM is not set | |
14 | # CONFIG_GRKERNSEC_IO is not set | |
15 | # CONFIG_GRKERNSEC_PROC_MEMMAP is not set | |
16 | CONFIG_GRKERNSEC_BRUTE=y | |
 | # NOTE(review): MODSTOP (runtime disabling of module loading) is on while KMEM | |
 | # is off. The upstream help for this option recommends enabling the /dev/mem | |
 | # protection alongside it, because modules are not the only way to modify a | |
 | # running kernel. Verify against this tree's Kconfig help. | |
17 | CONFIG_GRKERNSEC_MODSTOP=y | |
18 | # CONFIG_GRKERNSEC_HIDESYM is not set | |
19 | ||
20 | # | |
21 | # Role Based Access Control Options | |
22 | # | |
 | # HIDEKERN hides kernel threads from processes that lack the RBAC | |
 | # "view hidden processes" permission. | |
23 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y | |
 | # Lockout policy for authenticating to the RBAC system: after 3 failed | |
 | # attempts, further attempts are refused for 30 seconds. | |
24 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
25 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
26 | ||
27 | # | |
28 | # Filesystem Protections | |
29 | # | |
 | # /proc restrictions use the "usergroup" variant: PROC_USER is off and | |
 | # PROC_USERGROUP is on, so GID 17 is the group exempted from the | |
 | # per-user /proc view. PROC_ADD enables the additional /proc restrictions. | |
 | # NOTE(review): confirm GID 17 is the intended group on the target system. | |
 | # Membership lets an account see every user's processes. | |
30 | CONFIG_GRKERNSEC_PROC=y | |
31 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
32 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
33 | CONFIG_GRKERNSEC_PROC_GID=17 | |
34 | CONFIG_GRKERNSEC_PROC_ADD=y | |
 | # Link and FIFO restrictions (mitigations for races in world-writable | |
 | # directories such as /tmp). | |
35 | CONFIG_GRKERNSEC_LINK=y | |
36 | CONFIG_GRKERNSEC_FIFO=y | |
 | # Every chroot hardening sub-option listed here is enabled. | |
 | # NOTE(review): software that legitimately mounts, mknods, chmods +s or | |
 | # re-chroots inside a chroot (installers, build roots) will be denied once | |
 | # these are active. Test such workloads before deploying. | |
37 | CONFIG_GRKERNSEC_CHROOT=y | |
38 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
39 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
40 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
41 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
42 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
43 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
44 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
45 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
46 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
47 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
48 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
49 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
50 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
51 | ||
52 | # | |
53 | # Kernel Auditing | |
54 | # | |
 | # AUDIT_GROUP limits the exec, chdir, (un)mount and IPC audit logs to members | |
 | # of one group, here GID 1007. | |
 | # NOTE(review): activity by accounts outside GID 1007 is not covered by those | |
 | # four logs. Confirm the group's membership matches the accounts you need | |
 | # visibility into, and that GID 1007 exists on the target system. | |
55 | CONFIG_GRKERNSEC_AUDIT_GROUP=y | |
56 | CONFIG_GRKERNSEC_AUDIT_GID=1007 | |
57 | CONFIG_GRKERNSEC_EXECLOG=y | |
58 | CONFIG_GRKERNSEC_RESLOG=y | |
59 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y | |
60 | CONFIG_GRKERNSEC_AUDIT_CHDIR=y | |
61 | CONFIG_GRKERNSEC_AUDIT_MOUNT=y | |
62 | CONFIG_GRKERNSEC_AUDIT_IPC=y | |
 | # Event logging: signals, failed forks and time changes. | |
 | # PROC_IPADDR records the remote address associated with a process. | |
63 | CONFIG_GRKERNSEC_SIGNAL=y | |
64 | CONFIG_GRKERNSEC_FORKFAIL=y | |
65 | CONFIG_GRKERNSEC_TIME=y | |
66 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
67 | # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set | |
68 | ||
69 | # | |
70 | # Executable Protections | |
71 | # | |
 | # EXECVE enforces the process-count resource limit on exec, SHM cleans up | |
 | # unused shared memory, and DMESG restricts dmesg to root. | |
72 | CONFIG_GRKERNSEC_EXECVE=y | |
73 | CONFIG_GRKERNSEC_SHM=y | |
74 | CONFIG_GRKERNSEC_DMESG=y | |
 | # Trusted Path Execution. TPE_INVERT is off, so GID 65500 names the | |
 | # *untrusted* group; TPE_ALL additionally applies a partial restriction to | |
 | # the remaining non-root users. | |
 | # NOTE(review): the full restriction only applies to accounts actually placed | |
 | # in GID 65500. Confirm that group exists and is populated as intended. | |
75 | CONFIG_GRKERNSEC_TPE=y | |
76 | CONFIG_GRKERNSEC_TPE_ALL=y | |
77 | # CONFIG_GRKERNSEC_TPE_INVERT is not set | |
78 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
79 | ||
80 | # | |
81 | # Network Protections | |
82 | # | |
83 | CONFIG_GRKERNSEC_RANDNET=y | |
 | # Group-based socket restrictions: members of GID 65501 are denied all | |
 | # socket use, GID 65502 client (outbound connect) use, and GID 65503 | |
 | # server (bind/listen) use. | |
 | # NOTE(review): these are opt-in by group membership. An account that is in | |
 | # none of the three groups is unrestricted, so the options have no effect | |
 | # until the groups are created and populated. | |
84 | CONFIG_GRKERNSEC_SOCKET=y | |
85 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
86 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
87 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
88 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
89 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
90 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
91 | ||
92 | # | |
93 | # Sysctl support | |
94 | # | |
 | # SYSCTL=y exposes runtime on/off switches for grsecurity features under | |
 | # /proc/sys/kernel/grsecurity. SYSCTL_ON is not set, so per the upstream | |
 | # help the sysctl-controllable features enabled in this file start | |
 | # *disabled* at boot. | |
 | # NOTE(review): confirm an early boot script turns on every intended feature | |
 | # and then writes a non-zero value to grsec_lock. Until the lock is set, | |
 | # root can switch the protections back off at runtime. | |
95 | CONFIG_GRKERNSEC_SYSCTL=y | |
96 | # CONFIG_GRKERNSEC_SYSCTL_ON is not set | |
97 | ||
98 | # | |
99 | # Logging Options | |
100 | # | |
 | # Log flood control: a burst of at most 10 messages, with a 10-second | |
 | # minimum interval between messages otherwise. | |
 | # NOTE(review): events beyond the burst limit are not logged during the | |
 | # window, so a noisy process can hide later events. Factor this in when | |
 | # using these logs for detection. | |
101 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
102 | CONFIG_GRKERNSEC_FLOODBURST=10 | |
103 | ||
 | # The netfilter "stealth" match is built as a loadable module (=m). | |
 | # NOTE(review): presumably it has no effect until the module is loaded and a | |
 | # firewall rule references it. Confirm the ruleset does so. | |
104 | CONFIG_IP_NF_MATCH_STEALTH=m |