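--- a/hardening.config	(d754ed2821fd9675d203cb73c4afcd593e28b7d0)
+++ b/hardening.config	(67f2df3b82d091ed095d0e47e1f3a9d3e18e4e41)
@@ -1,8 +1,8 @@
 # Help: Basic kernel hardening options
 #
 # These are considered the basic kernel hardening, self-protection, and
 # attack surface reduction options. They are expected to have low (or
 # no) performance impact on most workloads, and have a reasonable level
 # of legacy API removals.
 
 # Make sure reporting of various hardening actions is possible.
@@ -15,16 +15,17 @@
 
 # Kernel image and memory ASLR.
 CONFIG_RANDOMIZE_BASE=y
 CONFIG_RANDOMIZE_MEMORY=y
 
 # Randomize allocator freelists, harden metadata.
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
+CONFIG_SLAB_BUCKETS=y
 CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
 CONFIG_RANDOM_KMALLOC_CACHES=y
 
 # Sanity check userspace page table mappings.
 CONFIG_PAGE_TABLE_CHECK=y
 CONFIG_PAGE_TABLE_CHECK_ENFORCED=y
 
 # Randomize kernel stack offset on syscall entry.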
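Review bot: The added `CONFIG_SLAB_BUCKETS=y` sits under the comment "Randomize allocator freelists, harden metadata.", which describes neither freelist randomization nor metadata hardening for this option. As far as I know, it provides a separate set of kmalloc buckets for allocations whose size and contents are user-controlled, so they do not share caches with other kernel objects. I would give it its own comment line above the option, for example `# Keep user-controlled allocations in dedicated kmalloc buckets.`. The option also appears to depend on `!SLUB_TINY`, so a base config that enables `SLUB_TINY` would drop it at merge time; the help text at the top could say so. Whether any later line in the 76 hidden ones interacts with it cannot be judged from this view.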