Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 24248
Collapse All | Expand All

(-)defconfig (+105 lines)
Lines 1018-1020 Link Here
1018
# patch shell fixes.
1018
# patch shell fixes.
1019
#
1019
#
1020
#
1020
#
1021
1022
#
1023
# Grsecurity
1024
#
1025
CONFIG_GRKERNSEC=y
1026
# CONFIG_GRKERNSEC_LOW is not set
1027
# CONFIG_GRKERNSEC_MID is not set
1028
# CONFIG_GRKERNSEC_HI is not set
1029
CONFIG_GRKERNSEC_CUSTOM=y
1030
1031
#
1032
# Address Space Protection
1033
#
1034
# CONFIG_GRKERNSEC_PAX_NOEXEC is not set
1035
CONFIG_GRKERNSEC_PAX_ASLR=y
1036
CONFIG_GRKERNSEC_PAX_RANDKSTACK=y
1037
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
1038
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
1039
# CONFIG_GRKERNSEC_KMEM is not set
1040
# CONFIG_GRKERNSEC_IO is not set
1041
CONFIG_GRKERNSEC_PROC_MEMMAP=y
1042
CONFIG_GRKERNSEC_HIDESYM=y
1043
1044
#
1045
# ACL options
1046
#
1047
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
1048
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
1049
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
1050
1051
#
1052
# Filesystem Protections
1053
#
1054
CONFIG_GRKERNSEC_PROC=y
1055
CONFIG_GRKERNSEC_PROC_USER=y
1056
CONFIG_GRKERNSEC_PROC_ADD=y
1057
CONFIG_GRKERNSEC_LINK=y
1058
CONFIG_GRKERNSEC_FIFO=y
1059
CONFIG_GRKERNSEC_CHROOT=y
1060
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
1061
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
1062
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
1063
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
1064
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
1065
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
1066
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
1067
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
1068
CONFIG_GRKERNSEC_CHROOT_UNIX=y
1069
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
1070
CONFIG_GRKERNSEC_CHROOT_NICE=y
1071
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
1072
CONFIG_GRKERNSEC_CHROOT_CAPS=y
1073
1074
#
1075
# Kernel Auditing
1076
#
1077
CONFIG_GRKERNSEC_AUDIT_GROUP=y
1078
CONFIG_GRKERNSEC_AUDIT_GID=1007
1079
CONFIG_GRKERNSEC_EXECLOG=y
1080
CONFIG_GRKERNSEC_RESLOG=y
1081
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
1082
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
1083
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
1084
CONFIG_GRKERNSEC_AUDIT_IPC=y
1085
CONFIG_GRKERNSEC_SIGNAL=y
1086
CONFIG_GRKERNSEC_FORKFAIL=y
1087
CONFIG_GRKERNSEC_TIME=y
1088
1089
#
1090
# Executable Protections
1091
#
1092
CONFIG_GRKERNSEC_EXECVE=y
1093
CONFIG_GRKERNSEC_DMESG=y
1094
CONFIG_GRKERNSEC_RANDPID=y
1095
CONFIG_GRKERNSEC_TPE=y
1096
CONFIG_GRKERNSEC_TPE_ALL=y
1097
CONFIG_GRKERNSEC_TPE_GID=1005
1098
1099
#
1100
# Network Protections
1101
#
1102
CONFIG_GRKERNSEC_RANDNET=y
1103
CONFIG_GRKERNSEC_RANDISN=y
1104
CONFIG_GRKERNSEC_RANDID=y
1105
CONFIG_GRKERNSEC_RANDSRC=y
1106
CONFIG_GRKERNSEC_RANDRPC=y
1107
CONFIG_GRKERNSEC_RANDPING=y
1108
CONFIG_GRKERNSEC_SOCKET=y
1109
CONFIG_GRKERNSEC_SOCKET_ALL=y
1110
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
1111
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
1112
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
1113
CONFIG_GRKERNSEC_SOCKET_SERVER=y
1114
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
1115
1116
#
1117
# Sysctl support
1118
#
1119
CONFIG_GRKERNSEC_SYSCTL=y
1120
1121
#
1122
# Logging options
1123
#
1124
CONFIG_GRKERNSEC_FLOODTIME=10
1125
CONFIG_GRKERNSEC_FLOODBURST=4

Return to bug 24248