5 # CONFIG_GRKERNSEC_LOW is not set
6 # CONFIG_GRKERNSEC_MID is not set
7 # CONFIG_GRKERNSEC_HI is not set
8 CONFIG_GRKERNSEC_CUSTOM=y
10 CONFIG_IP_NF_MATCH_STEALTH=m
12 # CONFIG_GRKERNSEC_PAX_NOEXEC is not set
13 # CONFIG_GRKERNSEC_PAX_ASLR is not set
16 # Buffer Overflow Protection
18 CONFIG_GRKERNSEC_STACK=y
19 CONFIG_GRKERNSEC_STACK_GCC=y
20 CONFIG_GRKERNSEC_KMEM=y
21 CONFIG_GRKERNSEC_KSYMS=y
22 # CONFIG_GRKERNSEC_PAX_RANDMMAP is not set
27 # CONFIG_GR_DEBUG is not set
28 # CONFIG_GRKERNSEC_ACL_CAPLOG is not set
33 # Access Control Lists
35 # CONFIG_OBV_PROC is not set
36 # CONFIG_GRKERNSEC_ACL is not set
38 # Filesystem Protections
40 CONFIG_GRKERNSEC_PROC=y
41 # CONFIG_GRKERNSEC_PROC_USER is not set
42 CONFIG_GRKERNSEC_PROC_USERGROUP=y
43 CONFIG_GRKERNSEC_PROC_GID=17
44 CONFIG_GRKERNSEC_PROC_ADD=y
45 # CONFIG_GRKERNSEC_PROC_MEMMAP is not set
46 CONFIG_GRKERNSEC_LINK=y
47 CONFIG_GRKERNSEC_FIFO=y
49 CONFIG_GRKERNSEC_CHROOT=y
50 CONFIG_GRKERNSEC_CHROOT_SIG=y
51 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
52 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
53 CONFIG_GRKERNSEC_CHROOT_PIVOT=y
54 CONFIG_GRKERNSEC_CHROOT_CHDIR=y
55 CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
56 CONFIG_GRKERNSEC_CHROOT_CHMOD=y
57 CONFIG_GRKERNSEC_CHROOT_MKNOD=y
58 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
59 CONFIG_GRKERNSEC_CHROOT_PTRACE=y
60 CONFIG_GRKERNSEC_CHROOT_NICE=y
61 CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
62 CONFIG_GRKERNSEC_AUDIT_CHDIR=y
63 CONFIG_GRKERNSEC_AUDIT_MOUNT=y
64 CONFIG_GRKERNSEC_AUDIT_IPC=y
65 CONFIG_GRKERNSEC_AUDIT_PTRACE=y
66 CONFIG_GRKERNSEC_CHROOT_CAPS=y
67 CONFIG_GRKERNSEC_KBMAP=y
72 CONFIG_GRKERNSEC_AUDIT_GROUP=y
73 CONFIG_GRKERNSEC_AUDIT_GID=1007
78 CONFIG_GRKERNSEC_EXECLOG=y
79 CONFIG_GRKERNSEC_SUID=y
80 CONFIG_GRKERNSEC_SIGNAL=y
81 CONFIG_GRKERNSEC_FORKFAIL=y
82 CONFIG_GRKERNSEC_TIME=y
85 # Executable Protections
87 CONFIG_GRKERNSEC_EXECVE=y
88 CONFIG_GRKERNSEC_DMESG=y
89 CONFIG_GRKERNSEC_RANDPID=y
90 CONFIG_GRKERNSEC_IPC=y
91 CONFIG_GRKERNSEC_TTYROOT=y
92 CONFIG_GRKERNSEC_TTYROOT_PHYS=y
93 CONFIG_GRKERNSEC_TTYROOT_SERIAL=y
94 CONFIG_GRKERNSEC_TTYROOT_PSEUDO=y
95 CONFIG_GRKERNSEC_FORKBOMB=y
96 CONFIG_GRKERNSEC_FORKBOMB_GID=65504
97 CONFIG_GRKERNSEC_FORKBOMB_SEC=40
98 CONFIG_GRKERNSEC_FORKBOMB_MAX=20
99 CONFIG_GRKERNSEC_TPE=y
100 CONFIG_GRKERNSEC_TPE_GLIBC=y
101 CONFIG_GRKERNSEC_TPE_ALL=y
102 CONFIG_GRKERNSEC_TPE_GID=65500
105 # Network Protections
107 CONFIG_GRKERNSEC_RANDID=y
108 CONFIG_GRKERNSEC_RANDSRC=y
109 CONFIG_GRKERNSEC_RANDRPC=y
110 CONFIG_GRKERNSEC_RANDBIND=y
111 CONFIG_GRKERNSEC_RANDPING=y
112 CONFIG_GRKERNSEC_RANDTTL=y
113 CONFIG_GRKERNSEC_RANDTTL_THRESH=64
114 CONFIG_GRKERNSEC_RANDNET=y
115 CONFIG_GRKERNSEC_SOCKET=y
116 CONFIG_GRKERNSEC_SOCKET_ALL=y
117 CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
118 CONFIG_GRKERNSEC_ALL_GID=65501
119 CONFIG_GRKERNSEC_SOCKET_CLIENT=y
120 CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
121 CONFIG_GRKERNSEC_CLIENT_GID=65502
122 CONFIG_GRKERNSEC_SOCKET_SERVER=y
123 CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
124 CONFIG_GRKERNSEC_SERVER_GID=65503
125 CONFIG_GRKERNSEC_PTRACE=y
126 CONFIG_GRKERNSEC_PTRACE_GROUP=y
127 CONFIG_GRKERNSEC_PTRACE_GID=1008
128 CONFIG_GRKERNSEC_STEALTH=y
129 CONFIG_GRKERNSEC_STEALTH_RST=y
130 CONFIG_GRKERNSEC_STEALTH_UDP=y
131 CONFIG_GRKERNSEC_STEALTH_ICMP=y
132 CONFIG_GRKERNSEC_STEALTH_IGMP=y
133 CONFIG_GRKERNSEC_STEALTH_FLAGS=y
138 CONFIG_GRKERNSEC_STEALTH_ICMP_LOG=y
139 CONFIG_GRKERNSEC_STEALTH_RST_LOG=y
140 CONFIG_GRKERNSEC_STEALTH_UDP_LOG=y
141 CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG=y
146 CONFIG_GRKERNSEC_SYSCTL=y
149 # Miscellaneous Enhancements
151 CONFIG_GRKERNSEC_COREDUMP=y
152 CONFIG_GRKERNSEC_FLOODTIME=30
153 CONFIG_GRKERNSEC_FLOODBURST=4
156 CONFIG_GRKERNSEC_MEM=y
157 CONFIG_GRKERNSEC_ACL_HIDEKERN=y
158 CONFIG_GRKERNSEC_RESLOG=y
159 # CONFIG_GRKERNSEC_IO is not set
160 CONFIG_GRKERNSEC_ACL_MAXTRIES=3
161 CONFIG_GRKERNSEC_ACL_TIMEOUT=30
162 # CONFIG_GRKERNSEC_CHROOT_SHMAT is not set
163 CONFIG_GRKERNSEC_CHROOT_UNIX=y
164 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
165 CONFIG_GRKERNSEC_RANDISN=y
projects / packages / kernel.git / blob