Sincerely sorry, I haven't even looked unconfigured options into your kernel.
CONFIG_GRKERNSEC_AUDIT_GROUP ok I can understand the fact of not using it. CONFIG_GRKERNSEC_SYMLINKOWN why not have activated? Ideally "CONFIG_PAX_SOFTMODE=y" should be replaced by "# CONFIG_PAX_SOFTMODE is not set" to ensure that PAX cannot be disabled in a hardened kernel (Can be possible with Kernel Parameters at startup.) 2016-01-06 18:36 GMT+01:00 Yves-Alexis Perez <cor...@debian.org>: > On mer., 2016-01-06 at 13:28 +0100, HacKurx wrote: >> It lacks some configuration options for sysctl with grsecurity. To know: >> kernel.grsecurity.audit_gid >> kernel.grsecurity.audit_group > > CONFIG_GRKERNSEC_AUDIT_GROUP is not set, so the sysctl doesn't exist. > >> kernel.grsecurity.enforce_symlinksifowner >> kernel.grsecurity.symlinkown_gid > > Likewise, CONFIG_GRKERNSEC_SYMLINKOWN is not set, so there's no sysctl either. > > Regards, > -- > Yves-Alexis > -- Best regards, HacKurx (Loic) blog.opensec.fr
