projects / packages / kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| c9d1c54c AM |
1 | # |
| 2 | # Grsecurity | |
| 3 | # | |
| 4 | CONFIG_GRKERNSEC=y | |
| 5 | # CONFIG_GRKERNSEC_LOW is not set | |
| 6 | # CONFIG_GRKERNSEC_MEDIUM is not set | |
| 7 | # CONFIG_GRKERNSEC_HIGH is not set | |
| 8 | CONFIG_GRKERNSEC_CUSTOM=y | |
| 9 | ||
| 10 | # | |
| 11 | # Address Space Protection | |
| 12 | # | |
| 13 | # CONFIG_GRKERNSEC_KMEM is not set | |
| 14 | # CONFIG_GRKERNSEC_IO is not set | |
| 15 | CONFIG_GRKERNSEC_PROC_MEMMAP=y | |
| 16 | CONFIG_GRKERNSEC_BRUTE=y | |
| 17 | CONFIG_GRKERNSEC_HIDESYM=y | |
| 18 | ||
| 19 | # | |
| 20 | # Role Based Access Control Options | |
| 21 | # | |
| 22 | CONFIG_GRKERNSEC_ACL_HIDEKERN=y | |
| 23 | CONFIG_GRKERNSEC_ACL_MAXTRIES=3 | |
| 24 | CONFIG_GRKERNSEC_ACL_TIMEOUT=30 | |
| 25 | ||
| 26 | # | |
| 27 | # Filesystem Protections | |
| 28 | # | |
| 29 | CONFIG_GRKERNSEC_PROC=y | |
| 30 | # CONFIG_GRKERNSEC_PROC_USER is not set | |
| 31 | CONFIG_GRKERNSEC_PROC_USERGROUP=y | |
| 32 | CONFIG_GRKERNSEC_PROC_GID=17 | |
| 33 | CONFIG_GRKERNSEC_PROC_ADD=y | |
| 34 | CONFIG_GRKERNSEC_LINK=y | |
| 35 | CONFIG_GRKERNSEC_FIFO=y | |
| 36 | CONFIG_GRKERNSEC_CHROOT=y | |
| 37 | CONFIG_GRKERNSEC_CHROOT_MOUNT=y | |
| 38 | CONFIG_GRKERNSEC_CHROOT_DOUBLE=y | |
| 39 | CONFIG_GRKERNSEC_CHROOT_PIVOT=y | |
| 40 | CONFIG_GRKERNSEC_CHROOT_CHDIR=y | |
| 41 | CONFIG_GRKERNSEC_CHROOT_CHMOD=y | |
| 42 | CONFIG_GRKERNSEC_CHROOT_FCHDIR=y | |
| 43 | CONFIG_GRKERNSEC_CHROOT_MKNOD=y | |
| 44 | CONFIG_GRKERNSEC_CHROOT_SHMAT=y | |
| 45 | CONFIG_GRKERNSEC_CHROOT_UNIX=y | |
| 46 | CONFIG_GRKERNSEC_CHROOT_FINDTASK=y | |
| 47 | CONFIG_GRKERNSEC_CHROOT_NICE=y | |
| 48 | CONFIG_GRKERNSEC_CHROOT_SYSCTL=y | |
| 49 | CONFIG_GRKERNSEC_CHROOT_CAPS=y | |
| 50 | ||
| 51 | # | |
| 52 | # Kernel Auditing | |
| 53 | # | |
| 54 | # CONFIG_GRKERNSEC_AUDIT_GROUP is not set | |
| 55 | # CONFIG_GRKERNSEC_EXECLOG is not set | |
| 56 | CONFIG_GRKERNSEC_RESLOG=y | |
| 57 | # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set | |
| 58 | # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set | |
| 59 | # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set | |
| 60 | # CONFIG_GRKERNSEC_AUDIT_IPC is not set | |
| 61 | CONFIG_GRKERNSEC_SIGNAL=y | |
| 62 | CONFIG_GRKERNSEC_FORKFAIL=y | |
| 63 | CONFIG_GRKERNSEC_TIME=y | |
| 64 | CONFIG_GRKERNSEC_PROC_IPADDR=y | |
| 65 | # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set | |
| 66 | ||
| 67 | # | |
| 68 | # Executable Protections | |
| 69 | # | |
| 70 | CONFIG_GRKERNSEC_EXECVE=y | |
| 71 | CONFIG_GRKERNSEC_DMESG=y | |
| 72 | CONFIG_GRKERNSEC_RANDPID=y | |
| 73 | # CONFIG_GRKERNSEC_TPE is not set | |
| 74 | ||
| 75 | # | |
| 76 | # Network Protections | |
| 77 | # | |
| 78 | CONFIG_GRKERNSEC_RANDNET=y | |
| 79 | CONFIG_GRKERNSEC_RANDISN=y | |
| 80 | CONFIG_GRKERNSEC_RANDID=y | |
| 81 | CONFIG_GRKERNSEC_RANDSRC=y | |
| 82 | CONFIG_GRKERNSEC_RANDRPC=y | |
| 83 | CONFIG_GRKERNSEC_SOCKET=y | |
| 84 | CONFIG_GRKERNSEC_SOCKET_ALL=y | |
| 85 | CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501 | |
| 86 | CONFIG_GRKERNSEC_SOCKET_CLIENT=y | |
| 87 | CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=65502 | |
| 88 | CONFIG_GRKERNSEC_SOCKET_SERVER=y | |
| 89 | CONFIG_GRKERNSEC_SOCKET_SERVER_GID=65503 | |
| 90 | ||
| 91 | # | |
| 92 | # Sysctl support | |
| 93 | # | |
| 94 | CONFIG_GRKERNSEC_SYSCTL=y | |
| 95 | ||
| 96 | # | |
| 97 | # Logging Options | |
| 98 | # | |
| 99 | CONFIG_GRKERNSEC_FLOODTIME=10 | |
| 100 | CONFIG_GRKERNSEC_FLOODBURST=4 | |
| 101 | ||
| 102 | # | |
| 103 | # PaX | |
| 104 | # | |
| 105 | # CONFIG_PAX is not set |