5 # CONFIG_GRKERNSEC_LOW is not set
6 # CONFIG_GRKERNSEC_MID is not set
7 # CONFIG_GRKERNSEC_HI is not set
8 CONFIG_GRKERNSEC_CUSTOM=y
10 CONFIG_IP_NF_MATCH_STEALTH=m
12 # Buffer Overflow Protection
14 CONFIG_GRKERNSEC_STACK=y
15 CONFIG_GRKERNSEC_STACK_GCC=y
16 CONFIG_GRKERNSEC_KMEM=y
17 CONFIG_GRKERNSEC_KSYMS=y
18 # CONFIG_GRKERNSEC_PAX_RANDMMAP is not set
23 # CONFIG_GR_DEBUG is not set
24 # CONFIG_GRKERNSEC_ACL_CAPLOG is not set
29 # Access Control Lists
31 # CONFIG_OBV_PROC is not set
32 # CONFIG_GRKERNSEC_ACL is not set
34 # Filesystem Protections
36 CONFIG_GRKERNSEC_PROC=y
37 # CONFIG_GRKERNSEC_PROC_USER is not set
38 CONFIG_GRKERNSEC_PROC_USERGROUP=y
39 CONFIG_GRKERNSEC_PROC_GID=17
40 CONFIG_GRKERNSEC_PROC_ADD=y
41 # CONFIG_GRKERNSEC_PROC_MEMMAP is not set
42 CONFIG_GRKERNSEC_LINK=y
43 CONFIG_GRKERNSEC_FIFO=y
45 CONFIG_GRKERNSEC_CHROOT=y
46 CONFIG_GRKERNSEC_CHROOT_SIG=y
47 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
48 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
49 CONFIG_GRKERNSEC_CHROOT_PIVOT=y
50 CONFIG_GRKERNSEC_CHROOT_CHDIR=y
51 CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
52 CONFIG_GRKERNSEC_CHROOT_CHMOD=y
53 CONFIG_GRKERNSEC_CHROOT_MKNOD=y
54 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
55 CONFIG_GRKERNSEC_CHROOT_PTRACE=y
56 CONFIG_GRKERNSEC_CHROOT_NICE=y
57 CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
58 CONFIG_GRKERNSEC_AUDIT_CHDIR=y
59 CONFIG_GRKERNSEC_AUDIT_MOUNT=y
60 CONFIG_GRKERNSEC_AUDIT_IPC=y
61 CONFIG_GRKERNSEC_AUDIT_PTRACE=y
62 CONFIG_GRKERNSEC_CHROOT_CAPS=y
63 CONFIG_GRKERNSEC_KBMAP=y
68 CONFIG_GRKERNSEC_AUDIT_GROUP=y
69 CONFIG_GRKERNSEC_AUDIT_GID=1007
74 CONFIG_GRKERNSEC_EXECLOG=y
75 CONFIG_GRKERNSEC_SUID=y
76 CONFIG_GRKERNSEC_SIGNAL=y
77 CONFIG_GRKERNSEC_FORKFAIL=y
78 CONFIG_GRKERNSEC_TIME=y
81 # Executable Protections
83 CONFIG_GRKERNSEC_EXECVE=y
84 CONFIG_GRKERNSEC_DMESG=y
85 CONFIG_GRKERNSEC_RANDPID=y
86 CONFIG_GRKERNSEC_IPC=y
87 CONFIG_GRKERNSEC_TTYROOT=y
88 CONFIG_GRKERNSEC_TTYROOT_PHYS=y
89 CONFIG_GRKERNSEC_TTYROOT_SERIAL=y
90 CONFIG_GRKERNSEC_TTYROOT_PSEUDO=y
91 CONFIG_GRKERNSEC_FORKBOMB=y
92 CONFIG_GRKERNSEC_FORKBOMB_GID=65504
93 CONFIG_GRKERNSEC_FORKBOMB_SEC=40
94 CONFIG_GRKERNSEC_FORKBOMB_MAX=20
95 CONFIG_GRKERNSEC_TPE=y
96 CONFIG_GRKERNSEC_TPE_GLIBC=y
97 CONFIG_GRKERNSEC_TPE_ALL=y
98 CONFIG_GRKERNSEC_TPE_GID=65500
101 # Network Protections
103 CONFIG_GRKERNSEC_RANDID=y
104 CONFIG_GRKERNSEC_RANDSRC=y
105 CONFIG_GRKERNSEC_RANDRPC=y
106 CONFIG_GRKERNSEC_RANDBIND=y
107 CONFIG_GRKERNSEC_RANDPING=y
108 CONFIG_GRKERNSEC_RANDTTL=y
109 CONFIG_GRKERNSEC_RANDTTL_THRESH=64
110 CONFIG_GRKERNSEC_RANDNET=y
111 CONFIG_GRKERNSEC_SOCKET=y
112 CONFIG_GRKERNSEC_SOCKET_ALL=y
113 CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
114 CONFIG_GRKERNSEC_ALL_GID=65501
115 CONFIG_GRKERNSEC_SOCKET_CLIENT=y
116 CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
117 CONFIG_GRKERNSEC_CLIENT_GID=65502
118 CONFIG_GRKERNSEC_SOCKET_SERVER=y
119 CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
120 CONFIG_GRKERNSEC_SERVER_GID=65503
121 CONFIG_GRKERNSEC_PTRACE=y
122 CONFIG_GRKERNSEC_PTRACE_GROUP=y
123 CONFIG_GRKERNSEC_PTRACE_GID=1008
124 CONFIG_GRKERNSEC_STEALTH=y
125 CONFIG_GRKERNSEC_STEALTH_RST=y
126 CONFIG_GRKERNSEC_STEALTH_UDP=y
127 CONFIG_GRKERNSEC_STEALTH_ICMP=y
128 CONFIG_GRKERNSEC_STEALTH_IGMP=y
129 CONFIG_GRKERNSEC_STEALTH_FLAGS=y
134 CONFIG_GRKERNSEC_STEALTH_ICMP_LOG=y
135 CONFIG_GRKERNSEC_STEALTH_RST_LOG=y
136 CONFIG_GRKERNSEC_STEALTH_UDP_LOG=y
137 CONFIG_GRKERNSEC_STEALTH_FLAGS_LOG=y
142 CONFIG_GRKERNSEC_SYSCTL=y
145 # Miscellaneous Enhancements
147 CONFIG_GRKERNSEC_COREDUMP=y
148 CONFIG_GRKERNSEC_FLOODTIME=30
149 CONFIG_GRKERNSEC_FLOODBURST=4