Lines 1018-1020
|
1018 |
# patch shell fixes. |
1018 |
# patch shell fixes. |
1019 |
# |
1019 |
# |
1020 |
# |
1020 |
# |
|
|
1021 |
|
1022 |
# |
1023 |
# Grsecurity |
1024 |
# |
1025 |
CONFIG_GRKERNSEC=y |
1026 |
# CONFIG_GRKERNSEC_LOW is not set |
1027 |
# CONFIG_GRKERNSEC_MID is not set |
1028 |
# CONFIG_GRKERNSEC_HI is not set |
1029 |
CONFIG_GRKERNSEC_CUSTOM=y |
1030 |
|
1031 |
# |
1032 |
# Address Space Protection |
1033 |
# |
1034 |
# CONFIG_GRKERNSEC_PAX_NOEXEC is not set |
1035 |
CONFIG_GRKERNSEC_PAX_ASLR=y |
1036 |
CONFIG_GRKERNSEC_PAX_RANDKSTACK=y |
1037 |
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y |
1038 |
CONFIG_GRKERNSEC_PAX_RANDMMAP=y |
1039 |
# CONFIG_GRKERNSEC_KMEM is not set |
1040 |
# CONFIG_GRKERNSEC_IO is not set |
1041 |
CONFIG_GRKERNSEC_PROC_MEMMAP=y |
1042 |
CONFIG_GRKERNSEC_HIDESYM=y |
1043 |
|
1044 |
# |
1045 |
# ACL options |
1046 |
# |
1047 |
CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
1048 |
CONFIG_GRKERNSEC_ACL_MAXTRIES=3 |
1049 |
CONFIG_GRKERNSEC_ACL_TIMEOUT=30 |
1050 |
|
1051 |
# |
1052 |
# Filesystem Protections |
1053 |
# |
1054 |
CONFIG_GRKERNSEC_PROC=y |
1055 |
CONFIG_GRKERNSEC_PROC_USER=y |
1056 |
CONFIG_GRKERNSEC_PROC_ADD=y |
1057 |
CONFIG_GRKERNSEC_LINK=y |
1058 |
CONFIG_GRKERNSEC_FIFO=y |
1059 |
CONFIG_GRKERNSEC_CHROOT=y |
1060 |
CONFIG_GRKERNSEC_CHROOT_MOUNT=y |
1061 |
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y |
1062 |
CONFIG_GRKERNSEC_CHROOT_PIVOT=y |
1063 |
CONFIG_GRKERNSEC_CHROOT_CHDIR=y |
1064 |
CONFIG_GRKERNSEC_CHROOT_CHMOD=y |
1065 |
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y |
1066 |
CONFIG_GRKERNSEC_CHROOT_MKNOD=y |
1067 |
CONFIG_GRKERNSEC_CHROOT_SHMAT=y |
1068 |
CONFIG_GRKERNSEC_CHROOT_UNIX=y |
1069 |
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y |
1070 |
CONFIG_GRKERNSEC_CHROOT_NICE=y |
1071 |
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y |
1072 |
CONFIG_GRKERNSEC_CHROOT_CAPS=y |
1073 |
|
1074 |
# |
1075 |
# Kernel Auditing |
1076 |
# |
1077 |
CONFIG_GRKERNSEC_AUDIT_GROUP=y |
1078 |
CONFIG_GRKERNSEC_AUDIT_GID=1007 |
1079 |
CONFIG_GRKERNSEC_EXECLOG=y |
1080 |
CONFIG_GRKERNSEC_RESLOG=y |
1081 |
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
1082 |
CONFIG_GRKERNSEC_AUDIT_CHDIR=y |
1083 |
CONFIG_GRKERNSEC_AUDIT_MOUNT=y |
1084 |
CONFIG_GRKERNSEC_AUDIT_IPC=y |
1085 |
CONFIG_GRKERNSEC_SIGNAL=y |
1086 |
CONFIG_GRKERNSEC_FORKFAIL=y |
1087 |
CONFIG_GRKERNSEC_TIME=y |
1088 |
|
1089 |
# |
1090 |
# Executable Protections |
1091 |
# |
1092 |
CONFIG_GRKERNSEC_EXECVE=y |
1093 |
CONFIG_GRKERNSEC_DMESG=y |
1094 |
CONFIG_GRKERNSEC_RANDPID=y |
1095 |
CONFIG_GRKERNSEC_TPE=y |
1096 |
CONFIG_GRKERNSEC_TPE_ALL=y |
1097 |
CONFIG_GRKERNSEC_TPE_GID=1005 |
1098 |
|
1099 |
# |
1100 |
# Network Protections |
1101 |
# |
1102 |
CONFIG_GRKERNSEC_RANDNET=y |
1103 |
CONFIG_GRKERNSEC_RANDISN=y |
1104 |
CONFIG_GRKERNSEC_RANDID=y |
1105 |
CONFIG_GRKERNSEC_RANDSRC=y |
1106 |
CONFIG_GRKERNSEC_RANDRPC=y |
1107 |
CONFIG_GRKERNSEC_RANDPING=y |
1108 |
CONFIG_GRKERNSEC_SOCKET=y |
1109 |
CONFIG_GRKERNSEC_SOCKET_ALL=y |
1110 |
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004 |
1111 |
CONFIG_GRKERNSEC_SOCKET_CLIENT=y |
1112 |
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003 |
1113 |
CONFIG_GRKERNSEC_SOCKET_SERVER=y |
1114 |
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002 |
1115 |
|
1116 |
# |
1117 |
# Sysctl support |
1118 |
# |
1119 |
CONFIG_GRKERNSEC_SYSCTL=y |
1120 |
|
1121 |
# |
1122 |
# Logging options |
1123 |
# |
1124 |
CONFIG_GRKERNSEC_FLOODTIME=10 |
1125 |
CONFIG_GRKERNSEC_FLOODBURST=4 |
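Review bot: `# CONFIG_GRKERNSEC_PAX_NOEXEC is not set` at new line 1034 leaves non-executable page enforcement off while the four ASLR/randomisation options below it are enabled, so the Address Space Protection block randomises layout without the protection it is meant to complement. `CONFIG_GRKERNSEC_KMEM` and `CONFIG_GRKERNSEC_IO` at 1039-1040 are also unset, which keeps writes to /dev/kmem and privileged I/O (ioperm/iopl) available to root. If these three are off for compatibility (an X server is the usual reason), record that in the config, e.g. `# PAX_NOEXEC, KMEM, IO disabled: <reason>`; otherwise set `CONFIG_GRKERNSEC_PAX_NOEXEC=y`. With `CONFIG_GRKERNSEC_SYSCTL=y` at 1119 the enabled features remain switchable at runtime until `grsec_lock` is set, so the boot scripts presumably need to set it. The file header for this hunk is not visible here, so which kernel config it belongs to is not known.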