'[IPCop-cvs] ipcop/config/kernel kernel.config.i486.smp,1.6,1.7'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-cvs
Subject:    [IPCop-cvs] ipcop/config/kernel kernel.config.i486.smp,1.6,1.7
From:       Ivan Kabaivanov <chepati () users ! sourceforge ! net>
Date:       2006-03-28 10:01:48
Message-ID: E1FOB1J-0001EZ-HO () mail ! sourceforge ! net
[Download RAW message or body]

Update of /cvsroot/ipcop/ipcop/config/kernel
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5721/config/kernel

Modified Files:
	kernel.config.i486.smp 
Log Message:
smp config with grsecurity

Index: kernel.config.i486.smp
===================================================================
RCS file: /cvsroot/ipcop/ipcop/config/kernel/kernel.config.i486.smp,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** kernel.config.i486.smp	15 Nov 2005 12:44:43 -0000	1.6
--- kernel.config.i486.smp	28 Mar 2006 10:01:44 -0000	1.7
***************
*** 385,388 ****
--- 385,389 ----
  CONFIG_IP_NF_MATCH_TTL=m
  CONFIG_IP_NF_MATCH_TCPMSS=m
+ CONFIG_IP_NF_MATCH_STEALTH=m
  CONFIG_IP_NF_MATCH_HELPER=m
  CONFIG_IP_NF_MATCH_STATE=m
***************
*** 1806,1809 ****
--- 1807,1947 ----
  # Security options
  #
+ 
+ #
+ # PaX
+ #
+ CONFIG_PAX=y
+ 
+ #
+ # PaX Control
+ #
+ # CONFIG_PAX_SOFTMODE is not set
+ # CONFIG_PAX_EI_PAX is not set
+ CONFIG_PAX_PT_PAX_FLAGS=y
+ # CONFIG_PAX_NO_ACL_FLAGS is not set
+ CONFIG_PAX_HAVE_ACL_FLAGS=y
+ # CONFIG_PAX_HOOK_ACL_FLAGS is not set
+ 
+ #
+ # Non-executable pages
+ #
+ CONFIG_PAX_NOEXEC=y
+ CONFIG_PAX_PAGEEXEC=y
+ CONFIG_PAX_SEGMEXEC=y
+ # CONFIG_PAX_DEFAULT_PAGEEXEC is not set
+ CONFIG_PAX_DEFAULT_SEGMEXEC=y
+ # CONFIG_PAX_EMUTRAMP is not set
+ CONFIG_PAX_MPROTECT=y
+ # CONFIG_PAX_NOELFRELOCS is not set
+ CONFIG_PAX_KERNEXEC=y
+ 
+ #
+ # Address Space Layout Randomization
+ #
+ CONFIG_PAX_ASLR=y
+ CONFIG_PAX_RANDKSTACK=y
+ CONFIG_PAX_RANDUSTACK=y
+ CONFIG_PAX_RANDMMAP=y
+ CONFIG_PAX_NOVSYSCALL=y
+ 
+ #
+ # Grsecurity
+ #
+ CONFIG_GRKERNSEC=y
+ # CONFIG_GRKERNSEC_LOW is not set
+ # CONFIG_GRKERNSEC_MEDIUM is not set
+ # CONFIG_GRKERNSEC_HIGH is not set
+ CONFIG_GRKERNSEC_CUSTOM=y
+ 
+ #
+ # Address Space Protection
+ #
+ CONFIG_GRKERNSEC_KMEM=y
+ # CONFIG_GRKERNSEC_IO is not set
+ CONFIG_GRKERNSEC_PROC_MEMMAP=y
+ CONFIG_GRKERNSEC_BRUTE=y
+ CONFIG_GRKERNSEC_MODSTOP=y
+ CONFIG_GRKERNSEC_HIDESYM=y
+ 
+ #
+ # Role Based Access Control Options
+ #
+ CONFIG_GRKERNSEC_ACL_HIDEKERN=y
+ CONFIG_GRKERNSEC_ACL_MAXTRIES=3
+ CONFIG_GRKERNSEC_ACL_TIMEOUT=30
+ 
+ #
+ # Filesystem Protections
+ #
+ CONFIG_GRKERNSEC_PROC=y
+ CONFIG_GRKERNSEC_PROC_USER=y
+ CONFIG_GRKERNSEC_PROC_ADD=y
+ CONFIG_GRKERNSEC_LINK=y
+ CONFIG_GRKERNSEC_FIFO=y
+ CONFIG_GRKERNSEC_CHROOT=y
+ CONFIG_GRKERNSEC_CHROOT_MOUNT=y
+ CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
+ CONFIG_GRKERNSEC_CHROOT_PIVOT=y
+ CONFIG_GRKERNSEC_CHROOT_CHDIR=y
+ CONFIG_GRKERNSEC_CHROOT_CHMOD=y
+ CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+ CONFIG_GRKERNSEC_CHROOT_MKNOD=y
+ CONFIG_GRKERNSEC_CHROOT_SHMAT=y
+ CONFIG_GRKERNSEC_CHROOT_UNIX=y
+ CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+ CONFIG_GRKERNSEC_CHROOT_NICE=y
+ CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+ CONFIG_GRKERNSEC_CHROOT_CAPS=y
+ 
+ #
+ # Kernel Auditing
+ #
+ # CONFIG_GRKERNSEC_AUDIT_GROUP is not set
+ # CONFIG_GRKERNSEC_EXECLOG is not set
+ # CONFIG_GRKERNSEC_RESLOG is not set
+ # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
+ # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
+ # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
+ # CONFIG_GRKERNSEC_AUDIT_IPC is not set
+ # CONFIG_GRKERNSEC_SIGNAL is not set
+ # CONFIG_GRKERNSEC_FORKFAIL is not set
+ # CONFIG_GRKERNSEC_TIME is not set
+ # CONFIG_GRKERNSEC_PROC_IPADDR is not set
+ # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
+ 
+ #
+ # Executable Protections
+ #
+ CONFIG_GRKERNSEC_EXECVE=y
+ CONFIG_GRKERNSEC_SHM=y
+ CONFIG_GRKERNSEC_DMESG=y
+ CONFIG_GRKERNSEC_RANDPID=y
+ CONFIG_GRKERNSEC_TPE=y
+ # CONFIG_GRKERNSEC_TPE_ALL is not set
+ # CONFIG_GRKERNSEC_TPE_INVERT is not set
+ CONFIG_GRKERNSEC_TPE_GID=1000
+ 
+ #
+ # Network Protections
+ #
+ CONFIG_GRKERNSEC_RANDNET=y
+ CONFIG_GRKERNSEC_RANDSRC=y
+ CONFIG_GRKERNSEC_SOCKET=y
+ CONFIG_GRKERNSEC_SOCKET_ALL=y
+ CONFIG_GRKERNSEC_SOCKET_ALL_GID=1000
+ # CONFIG_GRKERNSEC_SOCKET_CLIENT is not set
+ # CONFIG_GRKERNSEC_SOCKET_SERVER is not set
+ 
+ #
+ # Sysctl support
+ #
+ CONFIG_GRKERNSEC_SYSCTL=y
+ CONFIG_GRKERNSEC_SYSCTL_ON=y
+ 
+ #
+ # Logging Options
+ #
+ CONFIG_GRKERNSEC_FLOODTIME=10
+ CONFIG_GRKERNSEC_FLOODBURST=4
  # CONFIG_KEYS is not set
  # CONFIG_SECURITY is not set



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
IPCop-cvs mailing list
IPCop-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic