10 # CONFIG_PAX_EI_PAX is not set
11 CONFIG_PAX_PT_PAX_FLAGS=y
12 # CONFIG_PAX_NO_ACL_FLAGS is not set
13 CONFIG_PAX_HAVE_ACL_FLAGS=y
14 # CONFIG_PAX_HOOK_ACL_FLAGS is not set
17 # Non-executable pages
22 # CONFIG_PAX_DEFAULT_PAGEEXEC is not set
23 CONFIG_PAX_DEFAULT_SEGMEXEC=y
26 # CONFIG_PAX_NOELFRELOCS is not set
29 # Address Space Layout Randomization
32 # CONFIG_PAX_RANDKSTACK is not set
33 CONFIG_PAX_RANDUSTACK=y
35 CONFIG_PAX_NOVSYSCALL=y
41 # CONFIG_GRKERNSEC_LOW is not set
42 # CONFIG_GRKERNSEC_MEDIUM is not set
43 # CONFIG_GRKERNSEC_HIGH is not set
44 CONFIG_GRKERNSEC_CUSTOM=y
47 # Address Space Protection
49 CONFIG_GRKERNSEC_KMEM=y
50 # CONFIG_GRKERNSEC_IO is not set
51 CONFIG_GRKERNSEC_PROC_MEMMAP=y
52 CONFIG_GRKERNSEC_BRUTE=y
53 CONFIG_GRKERNSEC_MODSTOP=y
54 # CONFIG_GRKERNSEC_HIDESYM is not set
57 # Role Based Access Control Options
59 CONFIG_GRKERNSEC_ACL_HIDEKERN=y
60 CONFIG_GRKERNSEC_ACL_MAXTRIES=3
61 CONFIG_GRKERNSEC_ACL_TIMEOUT=30
64 # Filesystem Protections
66 CONFIG_GRKERNSEC_PROC=y
67 # CONFIG_GRKERNSEC_PROC_USER is not set
68 CONFIG_GRKERNSEC_PROC_USERGROUP=y
69 CONFIG_GRKERNSEC_PROC_GID=17
70 CONFIG_GRKERNSEC_PROC_ADD=y
71 CONFIG_GRKERNSEC_LINK=y
72 CONFIG_GRKERNSEC_FIFO=y
73 CONFIG_GRKERNSEC_CHROOT=y
74 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
75 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
76 CONFIG_GRKERNSEC_CHROOT_PIVOT=y
77 CONFIG_GRKERNSEC_CHROOT_CHDIR=y
78 CONFIG_GRKERNSEC_CHROOT_CHMOD=y
79 CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
80 CONFIG_GRKERNSEC_CHROOT_MKNOD=y
81 CONFIG_GRKERNSEC_CHROOT_SHMAT=y
82 CONFIG_GRKERNSEC_CHROOT_UNIX=y
83 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
84 CONFIG_GRKERNSEC_CHROOT_NICE=y
85 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
86 CONFIG_GRKERNSEC_CHROOT_CAPS=y
91 CONFIG_GRKERNSEC_AUDIT_GROUP=y
92 CONFIG_GRKERNSEC_AUDIT_GID=1007
93 CONFIG_GRKERNSEC_EXECLOG=y
94 CONFIG_GRKERNSEC_RESLOG=y
95 CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
96 CONFIG_GRKERNSEC_AUDIT_CHDIR=y
97 CONFIG_GRKERNSEC_AUDIT_MOUNT=y
98 CONFIG_GRKERNSEC_AUDIT_IPC=y
99 CONFIG_GRKERNSEC_SIGNAL=y
100 CONFIG_GRKERNSEC_FORKFAIL=y
101 CONFIG_GRKERNSEC_TIME=y
102 CONFIG_GRKERNSEC_PROC_IPADDR=y
103 # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
106 # Executable Protections
108 CONFIG_GRKERNSEC_EXECVE=y
109 CONFIG_GRKERNSEC_SHM=y
110 CONFIG_GRKERNSEC_DMESG=y
111 CONFIG_GRKERNSEC_RANDPID=y
112 CONFIG_GRKERNSEC_TPE=y
113 CONFIG_GRKERNSEC_TPE_ALL=y
114 # CONFIG_GRKERNSEC_TPE_INVERT is not set
115 CONFIG_GRKERNSEC_TPE_GID=65500
118 # Network Protections
120 CONFIG_GRKERNSEC_RANDNET=y
121 CONFIG_GRKERNSEC_SOCKET=y
122 CONFIG_GRKERNSEC_SOCKET_ALL=y
123 CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
124 CONFIG_GRKERNSEC_SOCKET_CLIENT=y
125 CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502
126 CONFIG_GRKERNSEC_SOCKET_SERVER=y
127 CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503
132 CONFIG_GRKERNSEC_SYSCTL=y
133 # CONFIG_GRKERNSEC_SYSCTL_ON is not set
138 CONFIG_GRKERNSEC_FLOODTIME=10
139 CONFIG_GRKERNSEC_FLOODBURST=10
142 # Some Netfilter stuff
144 CONFIG_IP_NF_MATCH_STEALTH=m