]> git.pld-linux.org Git - packages/kernel.git/blame - kernel-grsec.config
projects / packages / kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
build without grsec and old module-init-tools
[packages/kernel.git] / kernel-grsec.config
CommitLineData
c9d1c54c
AM		 1#
2# Grsecurity
3#
4CONFIG_GRKERNSEC=y
5# CONFIG_GRKERNSEC_LOW is not set
6# CONFIG_GRKERNSEC_MEDIUM is not set
7# CONFIG_GRKERNSEC_HIGH is not set
8CONFIG_GRKERNSEC_CUSTOM=y
9
10#
11# Address Space Protection
12#
13# CONFIG_GRKERNSEC_KMEM is not set
14# CONFIG_GRKERNSEC_IO is not set
2380c486 15# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
c9d1c54c 16CONFIG_GRKERNSEC_BRUTE=y
2380c486
JR		 17CONFIG_GRKERNSEC_MODSTOP=y
18# CONFIG_GRKERNSEC_HIDESYM is not set
49cd8c1d 19# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
c9d1c54c 20
87f702c5 21CONFIG_GRKERNSEC_VM86=y
22
c9d1c54c
AM		 23#
24# Role Based Access Control Options
25#
017d2877 26# CONFIG_GRKERNSEC_NO_RBAC is not set
c9d1c54c
AM		 27CONFIG_GRKERNSEC_ACL_HIDEKERN=y
28CONFIG_GRKERNSEC_ACL_MAXTRIES=3
29CONFIG_GRKERNSEC_ACL_TIMEOUT=30
30
31#
32# Filesystem Protections
33#
34CONFIG_GRKERNSEC_PROC=y
35# CONFIG_GRKERNSEC_PROC_USER is not set
36CONFIG_GRKERNSEC_PROC_USERGROUP=y
37CONFIG_GRKERNSEC_PROC_GID=17
38CONFIG_GRKERNSEC_PROC_ADD=y
39CONFIG_GRKERNSEC_LINK=y
40CONFIG_GRKERNSEC_FIFO=y
49cd8c1d 41CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
db2ff2a6 42CONFIG_GRKERNSEC_ROFS=y
c9d1c54c
AM		 43CONFIG_GRKERNSEC_CHROOT=y
44CONFIG_GRKERNSEC_CHROOT_MOUNT=y
45CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
46CONFIG_GRKERNSEC_CHROOT_PIVOT=y
47CONFIG_GRKERNSEC_CHROOT_CHDIR=y
48CONFIG_GRKERNSEC_CHROOT_CHMOD=y
49CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
50CONFIG_GRKERNSEC_CHROOT_MKNOD=y
51CONFIG_GRKERNSEC_CHROOT_SHMAT=y
52CONFIG_GRKERNSEC_CHROOT_UNIX=y
53CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
54CONFIG_GRKERNSEC_CHROOT_NICE=y
55CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
56CONFIG_GRKERNSEC_CHROOT_CAPS=y
57
58#
59# Kernel Auditing
60#
2380c486
JR		 61CONFIG_GRKERNSEC_AUDIT_GROUP=y
62CONFIG_GRKERNSEC_AUDIT_GID=1007
63CONFIG_GRKERNSEC_EXECLOG=y
c9d1c54c 64CONFIG_GRKERNSEC_RESLOG=y
2380c486 65CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
530d557d 66CONFIG_GRKERNSEC_AUDIT_PTRACE=y
2380c486
JR		 67CONFIG_GRKERNSEC_AUDIT_CHDIR=y
68CONFIG_GRKERNSEC_AUDIT_MOUNT=y
69CONFIG_GRKERNSEC_AUDIT_IPC=y
c9d1c54c
AM		 70CONFIG_GRKERNSEC_SIGNAL=y
71CONFIG_GRKERNSEC_FORKFAIL=y
72CONFIG_GRKERNSEC_TIME=y
73CONFIG_GRKERNSEC_PROC_IPADDR=y
2380c486 74CONFIG_GRKERNSEC_AUDIT_TEXTREL=y
c9d1c54c
AM		 75
76#
77# Executable Protections
78#
79CONFIG_GRKERNSEC_EXECVE=y
80CONFIG_GRKERNSEC_DMESG=y
49cd8c1d 81CONFIG_GRKERNSEC_HARDEN_PTRACE=y
82CONFIG_GRKERNSEC_PTRACE_READEXEC=y
83CONFIG_GRKERNSEC_SETXID=y
2380c486
JR		 84CONFIG_GRKERNSEC_TPE=y
85CONFIG_GRKERNSEC_TPE_ALL=y
86# CONFIG_GRKERNSEC_TPE_INVERT is not set
87CONFIG_GRKERNSEC_TPE_GID=65500
c9d1c54c
AM		 88
89#
90# Network Protections
91#
92CONFIG_GRKERNSEC_RANDNET=y
c9d1c54c
AM		 93CONFIG_GRKERNSEC_SOCKET=y
94CONFIG_GRKERNSEC_SOCKET_ALL=y
95CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
96CONFIG_GRKERNSEC_SOCKET_CLIENT=y
97CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
98CONFIG_GRKERNSEC_SOCKET_SERVER=y
99CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503
1519b3d4 100# CONFIG_GRKERNSEC_BLACKHOLE is not set
c9d1c54c
AM		 101
102#
103# Sysctl support
104#
105CONFIG_GRKERNSEC_SYSCTL=y
2380c486 106# CONFIG_GRKERNSEC_SYSCTL_ON is not set
c9d1c54c
AM		 107
108#
109# Logging Options
110#
111CONFIG_GRKERNSEC_FLOODTIME=10
2380c486 112CONFIG_GRKERNSEC_FLOODBURST=10
c9d1c54c 113
2380c486 114CONFIG_IP_NF_MATCH_STEALTH=m
98c4004c 115
6613b898 116# CONFIG_GRKERNSEC_MODHARDEN is not set
49cd8c1d 117# CONFIG_PAX_MEMORY_STACKLEAK is not set
The Linux kernel (the core of the Linux operating system)
This page took 0.105455 seconds and 4 git commands to generate.