]> git.pld-linux.org Git - packages/kernel.git/blobdiff - kernel-grsec+pax.config
projects / packages / kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- backported security patches from 2.6.16.57-rc1 (resolves
[packages/kernel.git] / kernel-grsec+pax.config
diff --git a/kernel-grsec+pax.config b/kernel-grsec+pax.config
index dfba456ec09de626bba5053c159f46292d26df71..3012b5e4d3056e30180e4453621553ec47843633 100644 (file)
--- a/kernel-grsec+pax.config
+++ b/kernel-grsec+pax.config
@@ -1,3 +1,39 @@
+#
+# PaX
+#  
+CONFIG_PAX=y
+       
+#
+# PaX Control
+#      
+CONFIG_PAX_SOFTMODE=y
+# CONFIG_PAX_EI_PAX is not set
+CONFIG_PAX_PT_PAX_FLAGS=y
+# CONFIG_PAX_NO_ACL_FLAGS is not set
+CONFIG_PAX_HAVE_ACL_FLAGS=y
+# CONFIG_PAX_HOOK_ACL_FLAGS is not set
+
+#
+# Non-executable pages
+#      
+CONFIG_PAX_NOEXEC=y
+CONFIG_PAX_PAGEEXEC=y
+CONFIG_PAX_SEGMEXEC=y
+# CONFIG_PAX_DEFAULT_PAGEEXEC is not set
+CONFIG_PAX_DEFAULT_SEGMEXEC=y
+CONFIG_PAX_EMUTRAMP=y
+CONFIG_PAX_MPROTECT=y
+# CONFIG_PAX_NOELFRELOCS is not set
+                    
+#
+# Address Space Layout Randomization
+#      
+CONFIG_PAX_ASLR=y
+# CONFIG_PAX_RANDKSTACK is not set
+CONFIG_PAX_RANDUSTACK=y
+CONFIG_PAX_RANDMMAP=y
+CONFIG_PAX_NOVSYSCALL=y
+
 #
 # Grsecurity
 #
@@ -10,11 +46,12 @@ CONFIG_GRKERNSEC_CUSTOM=y
 #
 # Address Space Protection
 #
-# CONFIG_GRKERNSEC_KMEM is not set
+CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_IO is not set
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 CONFIG_GRKERNSEC_BRUTE=y
-CONFIG_GRKERNSEC_HIDESYM=y
+CONFIG_GRKERNSEC_MODSTOP=y
+# CONFIG_GRKERNSEC_HIDESYM is not set
 
 #
 # Role Based Access Control Options
@@ -51,13 +88,14 @@ CONFIG_GRKERNSEC_CHROOT_CAPS=y
 #
 # Kernel Auditing
 #
-# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
-# CONFIG_GRKERNSEC_EXECLOG is not set
+CONFIG_GRKERNSEC_AUDIT_GROUP=y
+CONFIG_GRKERNSEC_AUDIT_GID=1007
+CONFIG_GRKERNSEC_EXECLOG=y
 CONFIG_GRKERNSEC_RESLOG=y
-# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
-# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
-# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
-# CONFIG_GRKERNSEC_AUDIT_IPC is not set
+CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
+CONFIG_GRKERNSEC_AUDIT_CHDIR=y
+CONFIG_GRKERNSEC_AUDIT_MOUNT=y
+CONFIG_GRKERNSEC_AUDIT_IPC=y
 CONFIG_GRKERNSEC_SIGNAL=y
 CONFIG_GRKERNSEC_FORKFAIL=y
 CONFIG_GRKERNSEC_TIME=y
@@ -71,13 +109,15 @@ CONFIG_GRKERNSEC_EXECVE=y
 CONFIG_GRKERNSEC_SHM=y
 CONFIG_GRKERNSEC_DMESG=y
 CONFIG_GRKERNSEC_RANDPID=y
-# CONFIG_GRKERNSEC_TPE is not set
+CONFIG_GRKERNSEC_TPE=y
+CONFIG_GRKERNSEC_TPE_ALL=y
+# CONFIG_GRKERNSEC_TPE_INVERT is not set
+CONFIG_GRKERNSEC_TPE_GID=65500
 
 #
 # Network Protections
 #
 CONFIG_GRKERNSEC_RANDNET=y
-CONFIG_GRKERNSEC_RANDSRC=y
 CONFIG_GRKERNSEC_SOCKET=y
 CONFIG_GRKERNSEC_SOCKET_ALL=y
 CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
@@ -96,38 +136,10 @@ CONFIG_GRKERNSEC_SYSCTL=y
 # Logging Options
 #
 CONFIG_GRKERNSEC_FLOODTIME=10
-CONFIG_GRKERNSEC_FLOODBURST=4
-
-#
-# PaX
-#
-CONFIG_PAX=y
-
-#
-# PaX Control
-#
-# CONFIG_PAX_SOFTMODE is not set
-# CONFIG_PAX_EI_PAX is not set
-CONFIG_PAX_PT_PAX_FLAGS=y
-CONFIG_PAX_NO_ACL_FLAGS=y
-# CONFIG_PAX_HAVE_ACL_FLAGS is not set
-# CONFIG_PAX_HOOK_ACL_FLAGS is not set
+CONFIG_GRKERNSEC_FLOODBURST=10
 
 #
-# Non-executable pages
+# Some Netfilter stuff
 #
-CONFIG_PAX_NOEXEC=y
-CONFIG_PAX_PAGEEXEC=y
-# CONFIG_PAX_SEGMEXEC is not set
-CONFIG_PAX_EMUTRAMP=y
-CONFIG_PAX_MPROTECT=y
-# CONFIG_PAX_NOELFRELOCS is not set
+CONFIG_IP_NF_MATCH_STEALTH=m
 
-#
-# Address Space Layout Randomization
-#
-CONFIG_PAX_ASLR=y
-CONFIG_PAX_RANDKSTACK=y
-CONFIG_PAX_RANDUSTACK=y
-CONFIG_PAX_RANDMMAP=y
-CONFIG_PAX_NOVSYSCALL=y
The Linux kernel (the core of the Linux operating system)
This page took 0.04327 seconds and 4 git commands to generate.