]>
Commit | Line | Data |
---|---|---|
c9d1c54c AM |
1 | # |
2 | # Grsecurity | |
3 | # | |
4 | CONFIG_GRKERNSEC=y | |
5 | # CONFIG_GRKERNSEC_LOW is not set | |
6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
7 | # CONFIG_GRKERNSEC_HIGH is not set | |
8 | CONFIG_GRKERNSEC_CUSTOM=y | |
9 | ||
10 | # | |
11 | # Address Space Protection | |
12 | # | |
13 | # CONFIG_GRKERNSEC_KMEM is not set | |
14 | # CONFIG_GRKERNSEC_IO is not set | |
15 | CONFIG_GRKERNSEC_PROC_MEMMAP=y | |
16 | CONFIG_GRKERNSEC_BRUTE=y | |
17 | CONFIG_GRKERNSEC_HIDESYM=y | |
18 | ||
19 | # | |
20 | # Role Based Access Control Options | |
21 | # | |
22 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y | |
23 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
24 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
25 | ||
26 | # | |
27 | # Filesystem Protections | |
28 | # | |
29 | CONFIG_GRKERNSEC_PROC=y | |
30 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
31 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
32 | CONFIG_GRKERNSEC_PROC_GID=17 | |
33 | CONFIG_GRKERNSEC_PROC_ADD=y | |
34 | CONFIG_GRKERNSEC_LINK=y | |
35 | CONFIG_GRKERNSEC_FIFO=y | |
36 | CONFIG_GRKERNSEC_CHROOT=y | |
37 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
38 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
39 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
40 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
41 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
42 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
43 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
44 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
45 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
46 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
47 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
48 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
49 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
50 | ||
51 | # | |
52 | # Kernel Auditing | |
53 | # | |
54 | # CONFIG_GRKERNSEC_AUDIT_GROUP is not set | |
55 | # CONFIG_GRKERNSEC_EXECLOG is not set | |
56 | CONFIG_GRKERNSEC_RESLOG=y | |
57 | # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set | |
58 | # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set | |
59 | # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set | |
60 | # CONFIG_GRKERNSEC_AUDIT_IPC is not set | |
61 | CONFIG_GRKERNSEC_SIGNAL=y | |
62 | CONFIG_GRKERNSEC_FORKFAIL=y | |
63 | CONFIG_GRKERNSEC_TIME=y | |
64 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
65 | # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set | |
66 | ||
67 | # | |
68 | # Executable Protections | |
69 | # | |
70 | CONFIG_GRKERNSEC_EXECVE=y | |
71 | CONFIG_GRKERNSEC_DMESG=y | |
72 | CONFIG_GRKERNSEC_RANDPID=y | |
73 | # CONFIG_GRKERNSEC_TPE is not set | |
74 | ||
75 | # | |
76 | # Network Protections | |
77 | # | |
78 | CONFIG_GRKERNSEC_RANDNET=y | |
79 | CONFIG_GRKERNSEC_RANDISN=y | |
80 | CONFIG_GRKERNSEC_RANDID=y | |
81 | CONFIG_GRKERNSEC_RANDSRC=y | |
82 | CONFIG_GRKERNSEC_RANDRPC=y | |
83 | CONFIG_GRKERNSEC_SOCKET=y | |
84 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
85 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
86 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
87 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
88 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
89 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
90 | ||
91 | # | |
92 | # Sysctl support | |
93 | # | |
94 | CONFIG_GRKERNSEC_SYSCTL=y | |
95 | ||
96 | # | |
97 | # Logging Options | |
98 | # | |
99 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
100 | CONFIG_GRKERNSEC_FLOODBURST=4 | |
101 | ||
102 | # | |
103 | # PaX | |
104 | # | |
105 | # CONFIG_PAX is not set |