Sincerely sorry, I haven't even looked unconfigured options into your kernel.

CONFIG_GRKERNSEC_AUDIT_GROUP ok I can understand the fact of not using it.
CONFIG_GRKERNSEC_SYMLINKOWN why not have activated?

Ideally "CONFIG_PAX_SOFTMODE=y" should be replaced by "#
CONFIG_PAX_SOFTMODE is not set" to ensure that PAX cannot be disabled
in a hardened kernel (Can be possible with Kernel Parameters at
startup.)

2016-01-06 18:36 GMT+01:00 Yves-Alexis Perez <cor...@debian.org>:
> On mer., 2016-01-06 at 13:28 +0100, HacKurx wrote:
>> It lacks some configuration options for sysctl with grsecurity. To know:
>> kernel.grsecurity.audit_gid
>> kernel.grsecurity.audit_group
>
> CONFIG_GRKERNSEC_AUDIT_GROUP is not set, so the sysctl doesn't exist.
>
>> kernel.grsecurity.enforce_symlinksifowner
>> kernel.grsecurity.symlinkown_gid
>
> Likewise, CONFIG_GRKERNSEC_SYMLINKOWN is not set, so there's no sysctl either.
>
> Regards,
> --
> Yves-Alexis
>



-- 
Best regards,

HacKurx (Loic)
blog.opensec.fr

Reply via email to