#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
-CONFIG_GRKERNSEC_PROC_MEMMAP=y
+# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
CONFIG_GRKERNSEC_BRUTE=y
-CONFIG_GRKERNSEC_HIDESYM=y
+CONFIG_GRKERNSEC_MODSTOP=y
+# CONFIG_GRKERNSEC_HIDESYM is not set
#
# Role Based Access Control Options
#
# Kernel Auditing
#
-# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
-# CONFIG_GRKERNSEC_EXECLOG is not set
+CONFIG_GRKERNSEC_AUDIT_GROUP=y
+CONFIG_GRKERNSEC_AUDIT_GID=1007
+CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
-# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
-# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
-# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
-# CONFIG_GRKERNSEC_AUDIT_IPC is not set
+CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
+CONFIG_GRKERNSEC_AUDIT_CHDIR=y
+CONFIG_GRKERNSEC_AUDIT_MOUNT=y
+CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
-# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
+CONFIG_GRKERNSEC_AUDIT_TEXTREL=y
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
-CONFIG_GRKERNSEC_RANDPID=y
-# CONFIG_GRKERNSEC_TPE is not set
+CONFIG_GRKERNSEC_TPE=y
+CONFIG_GRKERNSEC_TPE_ALL=y
+# CONFIG_GRKERNSEC_TPE_INVERT is not set
+CONFIG_GRKERNSEC_TPE_GID=65500
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
-CONFIG_GRKERNSEC_RANDISN=y
-CONFIG_GRKERNSEC_RANDID=y
-CONFIG_GRKERNSEC_RANDSRC=y
-CONFIG_GRKERNSEC_RANDRPC=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=65501
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
+# CONFIG_GRKERNSEC_SYSCTL_ON is not set
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
-CONFIG_GRKERNSEC_FLOODBURST=4
+CONFIG_GRKERNSEC_FLOODBURST=10
-#
-# PaX
-#
-# CONFIG_PAX is not set
+CONFIG_IP_NF_MATCH_STEALTH=m
projects / packages / kernel.git / blobdiff