Chapter 6. Kernel Security and Optimization
Log execs within chroot (CONFIG_GRKERNSEC_CHROOT_EXECLOG) [N/y/?]
Chdir logging (CONFIG_GRKERNSEC_AUDIT_CHDIR) [N/y/?]
(Un)Mount logging (CONFIG_GRKERNSEC_AUDIT_MOUNT) [N/y/?]
IPC logging (CONFIG_GRKERNSEC_AUDIT_IPC) [N/y/?]
Ptrace logging (CONFIG_GRKERNSEC_AUDIT_PTRACE) [N/y/?]
Signal logging (CONFIG_GRKERNSEC_SIGNAL) [N/y/?]
Fork failure logging (CONFIG_GRKERNSEC_FORKFAIL) [N/y/?]
Set*id logging (CONFIG_GRKERNSEC_SUID) [N/y/?]
Log set*ids to root (CONFIG_GRKERNSEC_SUID_ROOT) [N/y/?]
Time change logging (CONFIG_GRKERNSEC_TIME) [N/y/?]
*
* Executable Protections
*
Exec process limiting (CONFIG_GRKERNSEC_EXECVE) [N/y/?]
Dmesg(8) restriction (CONFIG_GRKERNSEC_DMESG) [N/y/?]
Randomized PIDs (CONFIG_GRKERNSEC_RANDPID) [N/y/?]
Altered default IPC permissions (CONFIG_GRKERNSEC_IPC) [N/y/?]
Limit uid/gid changes to root (CONFIG_GRKERNSEC_TTYROOT) [N/y/?]
Deny physical consoles (tty) (CONFIG_GRKERNSEC_TTYROOT_PHYS) [N/y/?]
Deny serial consoles (ttyS) (CONFIG_GRKERNSEC_TTYROOT_SERIAL) [N/y/?]
Deny pseudo consoles (pty) (CONFIG_GRKERNSEC_TTYROOT_PSEUDO) [N/y/?]
Fork-bomb protection (CONFIG_GRKERNSEC_FORKBOMB) [N/y/?]
GID for restricted users (CONFIG_GRKERNSEC_FORKBOMB_GID) [1006]
Forks allowed per second (CONFIG_GRKERNSEC_FORKBOMB_SEC) [40]
Maximum processes allowed (CONFIG_GRKERNSEC_FORKBOMB_MAX) [20] 33
Trusted path execution (CONFIG_GRKERNSEC_TPE) [N/y/?]
Glibc protection (CONFIG_GRKERNSEC_TPE_GLIBC) [N/y/?]
Partially restrict non-root users (CONFIG_GRKERNSEC_TPE_ALL) [N/y/?]
GID for untrusted users: (CONFIG_GRKERNSEC_TPE_GID) [1005]
Restricted ptrace (CONFIG_GRKERNSEC_PTRACE) [N/y/?]
Allow ptrace for group (CONFIG_GRKERNSEC_PTRACE_GROUP) [N/y/?]
*
* Network Protections
*
Randomized IP IDs (CONFIG_GRKERNSEC_RANDID) [N/y/?]
Randomized TCP source ports (CONFIG_GRKERNSEC_RANDSRC) [N/y/?]
Randomized RPC XIDs (CONFIG_GRKERNSEC_RANDRPC) [N/y/?]
Altered Ping IDs (CONFIG_GRKERNSEC_RANDPING) [N/y/?]
Randomized TTL (CONFIG_GRKERNSEC_RANDTTL) [N/y/?]
Socket restrictions (CONFIG_GRKERNSEC_SOCKET) [N/y/?]
Deny any sockets to group (CONFIG_GRKERNSEC_SOCKET_ALL) [N/y/?]
GID to deny all sockets for: (CONFIG_GRKERNSEC_SOCKET_ALL_GID) [1004]
Deny client sockets to group (CONFIG_GRKERNSEC_SOCKET_CLIENT) [N/y/?]
Deny server sockets to group (CONFIG_GRKERNSEC_SOCKET_SERVER) [N/y/?]
*
* Sysctl support
*
Sysctl support (CONFIG_GRKERNSEC_SYSCTL) [N/y/?]
*
* Miscellaneous Features
*
Seconds in between log messages (minimum) (CONFIG_GRKERNSEC_FLOODTIME) [30]
BSD-style coredumps (CONFIG_GRKERNSEC_COREDUMP) [N/y/?]
*** End of Linux kernel configuration.
*** Check the top-level Makefile for additional configuration.
*** Next, you must run 'make dep'.
Compiling the Kernel