# Getrewted Kernel Security
#
CONFIG_GRKERNSEC=y
+
+#
+# Buffer Overflow Protection
+#
CONFIG_GRKERNSEC_STACK=y
CONFIG_GRKERNSEC_STACK_GCC=y
+
+#
+# Filesystem Protections
+#
CONFIG_GRKERNSEC_PROC=y
-CONFIG_GRKERNSEC_PROC_USER=y
+# CONFIG_GRKERNSEC_PROC_USER is not set
+CONFIG_GRKERNSEC_PROC_USERGROUP=y
+CONFIG_GRKERNSEC_PROC_GID=17
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_FD=y
-CONFIG_GRKERNSEC_EXECVE=y
+CONFIG_GRKERNSEC_CHROOT=y
+CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
+# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
+# CONFIG_GRKERNSEC_KBMAP is not set
+
+#
+# Security Logging
+#
# CONFIG_GRKERNSEC_EXECLOG is not set
-CONFIG_GRKERNSEC_SUID=y
+# CONFIG_GRKERNSEC_SUID is not set
CONFIG_GRKERNSEC_SIGNAL=y
-CONFIG_GRKERNSEC_FORKFAIL=y
+# CONFIG_GRKERNSEC_FORKFAIL is not set
CONFIG_GRKERNSEC_TIME=y
-CONFIG_GRKERNSEC_COREDUMP=y
-CONFIG_GRKERNSEC_CHROOT=y
-CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
-CONFIG_GRKERNSEC_CHROOT_CAPS=y
-CONFIG_GRKERNSEC_NOEXEC=y
-CONFIG_GRKERNSEC_NOEXEC_GLIBC=y
-CONFIG_GRKERNSEC_NOEXEC_CAPS=y
-CONFIG_GRKERNSEC_NOEXEC_GID=1006
+
+#
+# Executable Protections
+#
+CONFIG_GRKERNSEC_EXECVE=y
+# CONFIG_GRKERNSEC_NOEXEC is not set
CONFIG_GRKERNSEC_SIDCAPS=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_GLIBC=y
-CONFIG_GRKERNSEC_TPE_ALL=y
-CONFIG_GRKERNSEC_TPE_GID=1005
-CONFIG_GRKERNSEC_KBMAP=y
-CONFIG_GRKERNSEC_RANDPID=y
+# CONFIG_GRKERNSEC_TPE_ALL is not set
+CONFIG_GRKERNSEC_TPE_GID=65500
+
+#
+# Network Protections
+#
+# CONFIG_GRKERNSEC_RANDPID is not set
CONFIG_GRKERNSEC_RANDID=y
-CONFIG_GRKERNSEC_RANDSRC=y
+# CONFIG_GRKERNSEC_RANDSRC is not set
+# CONFIG_GRKERNSEC_RANDPING is not set
+# CONFIG_GRKERNSEC_RANDTTL is not set
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
-CONFIG_GRKERNSEC_ALL_GID=1004
+CONFIG_GRKERNSEC_ALL_GID=65501
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
-CONFIG_GRKERNSEC_CLIENT_GID=1003
+CONFIG_GRKERNSEC_CLIENT_GID=65502
CONFIG_GRKERNSEC_SOCKET_SERVER=y
-CONFIG_GRKERNSEC_SERVER_GID=1002
-CONFIG_GRKERNSEC_STEALTH=y
-CONFIG_GRKERNSEC_STEALTH_RST=y
-CONFIG_GRKERNSEC_STEALTH_UDP=y
-CONFIG_GRKERNSEC_STEALTH_ICMP=y
-CONFIG_GRKERNSEC_STEALTH_IGMP=y
-CONFIG_GRKERNSEC_FLAGS=y
-CONFIG_GRKERNSEC_RANDPING=y
-CONFIG_GRKERNSEC_RANDTTL=y
-CONFIG_GRKERNSEC_RANDTTL_THRESH=64
+CONFIG_GRKERNSEC_SERVER_GID=65503
+# CONFIG_GRKERNSEC_STEALTH is not set
+
+#
+# Miscellaneous Enhancements
+#
+CONFIG_GRKERNSEC_COREDUMP=y