kernel.grsecurity.audit_chdir = 0
kernel.grsecurity.audit_ipc = 0
kernel.grsecurity.audit_textrel = 0
kernel.grsecurity.audit_mount = 1
kernel.grsecurity.chroot_caps = 1
kernel.grsecurity.chroot_deny_chmod = 1
kernel.grsecurity.chroot_deny_chroot = 1
kernel.grsecurity.chroot_deny_fchdir = 1
kernel.grsecurity.chroot_deny_mknod = 1
kernel.grsecurity.chroot_deny_mount = 1
kernel.grsecurity.chroot_deny_pivot = 1
kernel.grsecurity.chroot_deny_shmat = 1
kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_deny_unix = 1
kernel.grsecurity.chroot_enforce_chdir = 1
kernel.grsecurity.chroot_execlog = 0
kernel.grsecurity.chroot_findtask = 1
kernel.grsecurity.chroot_restrict_nice = 1
kernel.grsecurity.dmesg = 1
kernel.grsecurity.exec_logging = 0
kernel.grsecurity.execve_limiting = 1
kernel.grsecurity.fifo_restrictions = 1
kernel.grsecurity.forkfail_logging = 1
kernel.grsecurity.linking_restrictions = 1
kernel.grsecurity.rand_pids = 1
kernel.grsecurity.rand_tcp_src_ports = 1
kernel.grsecurity.signal_logging = 1
kernel.grsecurity.timechange_logging = 1
kernel.grsecurity.tpe = 0
kernel.grsecurity.tpe_gid = 0
kernel.grsecurity.tpe_restrict_all = 0
kernel.grsecurity.timechange_logging=0
kernel.grsecurity.execve_limiting=0

kernel.random.poolsize = 8192

## special rmem and wmem tweaks for file transfers, version 0.1
## temp
#net.ipv4.tcp_rmem = 4096 8388608 16777216
#net.ipv4.tcp_wmem = 4096 524288 16777216
#net.ipv4.tcp_mem = 97280 977920 9830400
## increase Linux TCP buffer limits
#net.core.rmem_max = 16777216
#net.core.wmem_max = 16777216
#net.core.rmem_default = 131072
#net.core.wmem_default = 131072