projects / packages / kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| c9d1c54c AM |
1 | # |
| 2 | # Grsecurity | |
| 3 | # | |
| 4 | CONFIG_GRKERNSEC=y | |
| 5 | # CONFIG_GRKERNSEC_LOW is not set | |
| 6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
| 7 | # CONFIG_GRKERNSEC_HIGH is not set | |
| 8 | CONFIG_GRKERNSEC_CUSTOM=y | |
| 9 | ||
| 10 | # | |
| 11 | # Address Space Protection | |
| 12 | # | |
| 13 | # CONFIG_GRKERNSEC_KMEM is not set | |
| 14 | # CONFIG_GRKERNSEC_IO is not set | |
| 2380c486 | 15 | # CONFIG_GRKERNSEC_PROC_MEMMAP is not set |
| c9d1c54c | 16 | CONFIG_GRKERNSEC_BRUTE=y |
| 2380c486 JR |
17 | CONFIG_GRKERNSEC_MODSTOP=y |
| 18 | # CONFIG_GRKERNSEC_HIDESYM is not set | |
| c9d1c54c AM |
19 | |
| 20 | # | |
| 21 | # Role Based Access Control Options | |
| 22 | # | |
| 017d2877 | 23 | # CONFIG_GRKERNSEC_NO_RBAC is not set |
| c9d1c54c AM |
24 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
| 25 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
| 26 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
| 27 | ||
| 28 | # | |
| 29 | # Filesystem Protections | |
| 30 | # | |
| 31 | CONFIG_GRKERNSEC_PROC=y | |
| 32 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
| 33 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
| 34 | CONFIG_GRKERNSEC_PROC_GID=17 | |
| 35 | CONFIG_GRKERNSEC_PROC_ADD=y | |
| 36 | CONFIG_GRKERNSEC_LINK=y | |
| 37 | CONFIG_GRKERNSEC_FIFO=y | |
| 38 | CONFIG_GRKERNSEC_CHROOT=y | |
| 39 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
| 40 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
| 41 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
| 42 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
| 43 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
| 44 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
| 45 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
| 46 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
| 47 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
| 48 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
| 49 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
| 50 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
| 51 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
| 52 | ||
| 53 | # | |
| 54 | # Kernel Auditing | |
| 55 | # | |
| 2380c486 JR |
56 | CONFIG_GRKERNSEC_AUDIT_GROUP=y |
| 57 | CONFIG_GRKERNSEC_AUDIT_GID=1007 | |
| 58 | CONFIG_GRKERNSEC_EXECLOG=y | |
| c9d1c54c | 59 | CONFIG_GRKERNSEC_RESLOG=y |
| 2380c486 JR |
60 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
| 61 | CONFIG_GRKERNSEC_AUDIT_CHDIR=y | |
| 62 | CONFIG_GRKERNSEC_AUDIT_MOUNT=y | |
| 63 | CONFIG_GRKERNSEC_AUDIT_IPC=y | |
| c9d1c54c AM |
64 | CONFIG_GRKERNSEC_SIGNAL=y |
| 65 | CONFIG_GRKERNSEC_FORKFAIL=y | |
| 66 | CONFIG_GRKERNSEC_TIME=y | |
| 67 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
| 2380c486 | 68 | CONFIG_GRKERNSEC_AUDIT_TEXTREL=y |
| c9d1c54c AM |
69 | |
| 70 | # | |
| 71 | # Executable Protections | |
| 72 | # | |
| 73 | CONFIG_GRKERNSEC_EXECVE=y | |
| 74 | CONFIG_GRKERNSEC_DMESG=y | |
| 2380c486 JR |
75 | CONFIG_GRKERNSEC_TPE=y |
| 76 | CONFIG_GRKERNSEC_TPE_ALL=y | |
| 77 | # CONFIG_GRKERNSEC_TPE_INVERT is not set | |
| 78 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
| c9d1c54c AM |
79 | |
| 80 | # | |
| 81 | # Network Protections | |
| 82 | # | |
| 83 | CONFIG_GRKERNSEC_RANDNET=y | |
| c9d1c54c AM |
84 | CONFIG_GRKERNSEC_SOCKET=y |
| 85 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
| 86 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
| 87 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
| 88 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
| 89 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
| 90 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
| 1519b3d4 | 91 | # CONFIG_GRKERNSEC_BLACKHOLE is not set |
| c9d1c54c AM |
92 | |
| 93 | # | |
| 94 | # Sysctl support | |
| 95 | # | |
| 96 | CONFIG_GRKERNSEC_SYSCTL=y | |
| 2380c486 | 97 | # CONFIG_GRKERNSEC_SYSCTL_ON is not set |
| c9d1c54c AM |
98 | |
| 99 | # | |
| 100 | # Logging Options | |
| 101 | # | |
| 102 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
| 2380c486 | 103 | CONFIG_GRKERNSEC_FLOODBURST=10 |
| c9d1c54c | 104 | |
| 2380c486 | 105 | CONFIG_IP_NF_MATCH_STEALTH=m |