projects / packages / kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| c9d1c54c AM |
1 | # |
| 2 | # Grsecurity | |
| 3 | # | |
| 4 | CONFIG_GRKERNSEC=y | |
| 5 | # CONFIG_GRKERNSEC_LOW is not set | |
| 6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
| 7 | # CONFIG_GRKERNSEC_HIGH is not set | |
| 8 | CONFIG_GRKERNSEC_CUSTOM=y | |
| 9 | ||
| 10 | # | |
| 11 | # Address Space Protection | |
| 12 | # | |
| 13 | # CONFIG_GRKERNSEC_KMEM is not set | |
| 14 | # CONFIG_GRKERNSEC_IO is not set | |
| 2380c486 | 15 | # CONFIG_GRKERNSEC_PROC_MEMMAP is not set |
| 3afa173a | 16 | # CONFIG_GRKERNSEC_BRUTE is not set |
| 2380c486 JR |
17 | CONFIG_GRKERNSEC_MODSTOP=y |
| 18 | # CONFIG_GRKERNSEC_HIDESYM is not set | |
| 6a36902e | 19 | # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set |
| c9d1c54c | 20 | |
| 87f702c5 | 21 | CONFIG_GRKERNSEC_VM86=y |
| 22 | ||
| c9d1c54c AM |
23 | # |
| 24 | # Role Based Access Control Options | |
| 25 | # | |
| 017d2877 | 26 | # CONFIG_GRKERNSEC_NO_RBAC is not set |
| c9d1c54c AM |
27 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
| 28 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
| 29 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
| 30 | ||
| 31 | # | |
| 32 | # Filesystem Protections | |
| 33 | # | |
| 34 | CONFIG_GRKERNSEC_PROC=y | |
| 35 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
| 36 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
| 37 | CONFIG_GRKERNSEC_PROC_GID=17 | |
| 38 | CONFIG_GRKERNSEC_PROC_ADD=y | |
| 39 | CONFIG_GRKERNSEC_LINK=y | |
| 40 | CONFIG_GRKERNSEC_FIFO=y | |
| db2ff2a6 | 41 | CONFIG_GRKERNSEC_ROFS=y |
| c9d1c54c AM |
42 | CONFIG_GRKERNSEC_CHROOT=y |
| 43 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
| 44 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
| 45 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
| 46 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
| 47 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
| 48 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
| 49 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
| 50 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
| 51 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
| 52 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
| 53 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
| 54 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
| 55 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
| 56 | ||
| 57 | # | |
| 58 | # Kernel Auditing | |
| 59 | # | |
| 2380c486 JR |
60 | CONFIG_GRKERNSEC_AUDIT_GROUP=y |
| 61 | CONFIG_GRKERNSEC_AUDIT_GID=1007 | |
| 62 | CONFIG_GRKERNSEC_EXECLOG=y | |
| c9d1c54c | 63 | CONFIG_GRKERNSEC_RESLOG=y |
| 2380c486 JR |
64 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
| 65 | CONFIG_GRKERNSEC_AUDIT_CHDIR=y | |
| 66 | CONFIG_GRKERNSEC_AUDIT_MOUNT=y | |
| 67 | CONFIG_GRKERNSEC_AUDIT_IPC=y | |
| 62cca95f | 68 | CONFIG_GRKERNSEC_AUDIT_PTRACE=y |
| c9d1c54c AM |
69 | CONFIG_GRKERNSEC_SIGNAL=y |
| 70 | CONFIG_GRKERNSEC_FORKFAIL=y | |
| 71 | CONFIG_GRKERNSEC_TIME=y | |
| 72 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
| 2380c486 | 73 | CONFIG_GRKERNSEC_AUDIT_TEXTREL=y |
| c9d1c54c AM |
74 | |
| 75 | # | |
| 76 | # Executable Protections | |
| 77 | # | |
| 78 | CONFIG_GRKERNSEC_EXECVE=y | |
| 79 | CONFIG_GRKERNSEC_DMESG=y | |
| 2380c486 JR |
80 | CONFIG_GRKERNSEC_TPE=y |
| 81 | CONFIG_GRKERNSEC_TPE_ALL=y | |
| 82 | # CONFIG_GRKERNSEC_TPE_INVERT is not set | |
| 83 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
| c9d1c54c AM |
84 | |
| 85 | # | |
| 86 | # Network Protections | |
| 87 | # | |
| 88 | CONFIG_GRKERNSEC_RANDNET=y | |
| c9d1c54c AM |
89 | CONFIG_GRKERNSEC_SOCKET=y |
| 90 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
| 91 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
| 92 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
| 93 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
| 94 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
| 95 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
| 1519b3d4 | 96 | # CONFIG_GRKERNSEC_BLACKHOLE is not set |
| c9d1c54c AM |
97 | |
| 98 | # | |
| 99 | # Sysctl support | |
| 100 | # | |
| 101 | CONFIG_GRKERNSEC_SYSCTL=y | |
| 2380c486 | 102 | # CONFIG_GRKERNSEC_SYSCTL_ON is not set |
| c9d1c54c AM |
103 | |
| 104 | # | |
| 105 | # Logging Options | |
| 106 | # | |
| 107 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
| 2380c486 | 108 | CONFIG_GRKERNSEC_FLOODBURST=10 |
| c9d1c54c | 109 | |
| 2380c486 | 110 | CONFIG_IP_NF_MATCH_STEALTH=m |
| 98c4004c | 111 | |
| 6613b898 | 112 | # CONFIG_GRKERNSEC_MODHARDEN is not set |
| 98c4004c | 113 | CONFIG_GRKERNSEC_HARDEN_PTRACE=y |
| 53fda8d6 AM |
114 | |
| 115 | # Networking | |
| 116 | CONFIG_NETFILTER_XT_MATCH_GRADM=m | |
| 410dbfd4 | 117 | CONFIG_GRKERNSEC_SYSFS_RESTRICT=n |