7 # Buffer Overflow Protection
9 CONFIG_GRKERNSEC_STACK=y
10 CONFIG_GRKERNSEC_STACK_GCC=y
11 # CONFIG_GRKERNSEC_PAX_RANDMMAP is not set
14 # Access Control Lists
16 # CONFIG_OBV_PROC is not set
17 # CONFIG_GRKERNSEC_ACL is not set
19 # Filesystem Protections
21 CONFIG_GRKERNSEC_PROC=y
22 # CONFIG_GRKERNSEC_PROC_USER is not set
23 CONFIG_GRKERNSEC_PROC_USERGROUP=y
24 CONFIG_GRKERNSEC_PROC_GID=17
25 CONFIG_GRKERNSEC_LINK=y
26 CONFIG_GRKERNSEC_FIFO=y
28 CONFIG_GRKERNSEC_CHROOT=y
29 CONFIG_GRKERNSEC_CHROOT_SIG=y
30 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
31 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
32 CONFIG_GRKERNSEC_CHROOT_CHDIR=y
33 CONFIG_GRKERNSEC_CHROOT_CHMOD=y
34 CONFIG_GRKERNSEC_CHROOT_MKNOD=y
35 CONFIG_GRKERNSEC_CHROOT_PTRACE=y
36 CONFIG_GRKERNSEC_CHROOT_NICE=y
37 CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
38 CONFIG_GRKERNSEC_CHROOT_CAPS=y
39 CONFIG_GRKERNSEC_KBMAP=y
44 CONFIG_GRKERNSEC_EXECLOG=y
45 CONFIG_GRKERNSEC_SUID=y
46 CONFIG_GRKERNSEC_SIGNAL=y
47 CONFIG_GRKERNSEC_FORKFAIL=y
48 CONFIG_GRKERNSEC_TIME=y
51 # Executable Protections
53 CONFIG_GRKERNSEC_EXECVE=y
54 CONFIG_GRKERNSEC_RANDPID=y
55 CONFIG_GRKERNSEC_IPC=y
56 CONFIG_GRKERNSEC_TTYROOT=y
57 CONFIG_GRKERNSEC_TTYROOT_PHYS=y
58 CONFIG_GRKERNSEC_TTYROOT_SERIAL=y
59 CONFIG_GRKERNSEC_TTYROOT_PSEUDO=y
60 CONFIG_GRKERNSEC_FORKBOMB=y
61 CONFIG_GRKERNSEC_FORKBOMB_GID=65504
62 CONFIG_GRKERNSEC_FORKBOMB_SEC=40
63 CONFIG_GRKERNSEC_FORKBOMB_MAX=20
64 CONFIG_GRKERNSEC_TPE=y
65 CONFIG_GRKERNSEC_TPE_GLIBC=y
66 CONFIG_GRKERNSEC_TPE_ALL=y
67 CONFIG_GRKERNSEC_TPE_GID=65500
72 CONFIG_GRKERNSEC_RANDID=y
73 CONFIG_GRKERNSEC_RANDSRC=y
74 CONFIG_GRKERNSEC_RANDPING=y
75 CONFIG_GRKERNSEC_RANDTTL=y
76 CONFIG_GRKERNSEC_RANDTTL_THRESH=64
77 CONFIG_GRKERNSEC_RANDNET=y
78 CONFIG_GRKERNSEC_SOCKET=y
79 CONFIG_GRKERNSEC_SOCKET_ALL=y
80 CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
81 CONFIG_GRKERNSEC_ALL_GID=65501
82 CONFIG_GRKERNSEC_SOCKET_CLIENT=y
83 CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
84 CONFIG_GRKERNSEC_CLIENT_GID=65502
85 CONFIG_GRKERNSEC_SOCKET_SERVER=y
86 CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
87 CONFIG_GRKERNSEC_SERVER_GID=65503
88 CONFIG_GRKERNSEC_PTRACE=y
89 CONFIG_GRKERNSEC_PTRACE_GROUP=y
90 CONFIG_GRKERNSEC_PTRACE_GID=1008
91 CONFIG_GRKERNSEC_STEALTH=y
92 CONFIG_GRKERNSEC_STEALTH_RST=y
93 CONFIG_GRKERNSEC_STEALTH_UDP=y
94 CONFIG_GRKERNSEC_STEALTH_ICMP=y
95 CONFIG_GRKERNSEC_STEALTH_IGMP=y
96 CONFIG_GRKERNSEC_STEALTH_FLAGS=y
101 CONFIG_GRKERNSEC_STEALTH_ICMP_LOG=y
102 CONFIG_GRKERNSEC_STEALTH_RST_LOG=y
103 CONFIG_GRKERNSEC_STEALTH_UDP_LOG=y
104 CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG=y
109 CONFIG_GRKERNSEC_SYSCTL=y
112 # Miscellaneous Enhancements
114 CONFIG_GRKERNSEC_COREDUMP=y