Commit | Line | Data |
---|---|---|
c9d1c54c AM |
1 | # |
2 | # Grsecurity | |
3 | # Custom level: the LOW, MEDIUM and HIGH presets are all unset, so each option below is an explicit choice. | |
4 | CONFIG_GRKERNSEC=y | |
5 | # CONFIG_GRKERNSEC_LOW is not set | |
6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
7 | # CONFIG_GRKERNSEC_HIGH is not set | |
8 | CONFIG_GRKERNSEC_CUSTOM=y | |
9 | ||
10 | # | |
11 | # Address Space Protection | |
12 | # NOTE(review): KMEM, IO, PROC_MEMMAP and HIDESYM are left unset; only BRUTE and MODSTOP are enabled in this section. Confirm each omission is deliberate. | |
13 | # CONFIG_GRKERNSEC_KMEM is not set | |
14 | # CONFIG_GRKERNSEC_IO is not set | |
2380c486 | 15 | # CONFIG_GRKERNSEC_PROC_MEMMAP is not set |
c9d1c54c | 16 | CONFIG_GRKERNSEC_BRUTE=y |
2380c486 JR |
17 | CONFIG_GRKERNSEC_MODSTOP=y |
18 | # CONFIG_GRKERNSEC_HIDESYM is not set | |
c9d1c54c AM |
19 | |
20 | # | |
21 | # Role Based Access Control Options | |
22 | # | |
017d2877 | 23 | # CONFIG_GRKERNSEC_NO_RBAC is not set |
c9d1c54c AM |
24 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
25 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
26 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
27 | ||
28 | # | |
29 | # Filesystem Protections | |
30 | # Every CHROOT_* restriction listed in this section is enabled. NOTE(review): PROC_USERGROUP=y with PROC_GID=17, presumably the group allowed the wider /proc view; confirm GID 17 is the intended group on the target. | |
31 | CONFIG_GRKERNSEC_PROC=y | |
32 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
33 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
34 | CONFIG_GRKERNSEC_PROC_GID=17 | |
35 | CONFIG_GRKERNSEC_PROC_ADD=y | |
36 | CONFIG_GRKERNSEC_LINK=y | |
37 | CONFIG_GRKERNSEC_FIFO=y | |
38 | CONFIG_GRKERNSEC_CHROOT=y | |
39 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
40 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
41 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
42 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
43 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
44 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
45 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
46 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
47 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
48 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
49 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
50 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
51 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
52 | ||
53 | # | |
54 | # Kernel Auditing | |
55 | # NOTE(review): AUDIT_GROUP=y presumably restricts the exec/chdir/mount logging below to members of AUDIT_GID (1007); confirm that group exists and holds the accounts that should be audited. | |
2380c486 JR |
56 | CONFIG_GRKERNSEC_AUDIT_GROUP=y |
57 | CONFIG_GRKERNSEC_AUDIT_GID=1007 | |
58 | CONFIG_GRKERNSEC_EXECLOG=y | |
c9d1c54c | 59 | CONFIG_GRKERNSEC_RESLOG=y |
2380c486 JR |
60 | CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
61 | CONFIG_GRKERNSEC_AUDIT_CHDIR=y | |
62 | CONFIG_GRKERNSEC_AUDIT_MOUNT=y | |
63 | CONFIG_GRKERNSEC_AUDIT_IPC=y | |
c9d1c54c AM |
64 | CONFIG_GRKERNSEC_SIGNAL=y |
65 | CONFIG_GRKERNSEC_FORKFAIL=y | |
66 | CONFIG_GRKERNSEC_TIME=y | |
67 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
2380c486 | 68 | CONFIG_GRKERNSEC_AUDIT_TEXTREL=y |
c9d1c54c AM |
69 | |
70 | # | |
71 | # Executable Protections | |
72 | # NOTE(review): TPE_ALL is set and TPE_INVERT is not, so TPE_GID (65500) presumably names the untrusted group; verify it against the group database on the target. | |
73 | CONFIG_GRKERNSEC_EXECVE=y | |
74 | CONFIG_GRKERNSEC_DMESG=y | |
2380c486 JR |
75 | CONFIG_GRKERNSEC_TPE=y |
76 | CONFIG_GRKERNSEC_TPE_ALL=y | |
77 | # CONFIG_GRKERNSEC_TPE_INVERT is not set | |
78 | CONFIG_GRKERNSEC_TPE_GID=65500 | |
c9d1c54c AM |
79 | |
80 | # | |
81 | # Network Protections | |
82 | # NOTE(review): the three SOCKET_*_GID values (65501-65503) presumably mark groups that are denied socket use; confirm no service account ends up in them by accident. | |
83 | CONFIG_GRKERNSEC_RANDNET=y | |
c9d1c54c AM |
84 | CONFIG_GRKERNSEC_SOCKET=y |
85 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
86 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
87 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
88 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
89 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
90 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
1519b3d4 | 91 | # CONFIG_GRKERNSEC_BLACKHOLE is not set |
c9d1c54c AM |
92 | |
93 | # | |
94 | # Sysctl support | |
95 | # NOTE(review): SYSCTL=y with SYSCTL_ON unset. As I read the grsecurity option help, the sysctl-tunable features then start disabled at boot and stay changeable until grsec_lock is set; confirm the boot scripts enable them and then set the lock. | |
96 | CONFIG_GRKERNSEC_SYSCTL=y | |
2380c486 | 97 | # CONFIG_GRKERNSEC_SYSCTL_ON is not set |
c9d1c54c AM |
98 | |
99 | # | |
100 | # Logging Options | |
101 | # | |
102 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
2380c486 | 103 | CONFIG_GRKERNSEC_FLOODBURST=10 |
c9d1c54c | 104 | |
2380c486 | 105 | CONFIG_IP_NF_MATCH_STEALTH=m |