Summary
During OSCAP Scan Result (ID OSCAP-Test-Gentoo-Default) processing which started 2011-12-23 21:50 and ended 2011-12-23 21:50, 70 rule results were recorded.
Result ID: OSCAP-Test-Gentoo-Default
Start time: 2011-12-23 21:50
End time: 2011-12-23 21:50
Profile: Gentoo-Default
Target: hpl
Rule Results Summary
| pass | 51 |
| fixed | 0 |
| fail | 6 |
| error | 12 |
| not selected | 1 |
| not checked | 0 |
| not applicable | 0 |
| informational | 0 |
| unknown | 0 |
| total | 70 |
Target Information
Target
- hpl
Addresses
- 127.0.0.1
- 192.168.1.3
- 192.168.100.1
Benchmark Execution Information
Score
Security Score
| system | score | max | bar |
| urn:xccdf:scoring:default | 54.33 | 100.00 |
|
| urn:xccdf:scoring:flat | 51.00 | 69.00 |
|
Results
Rule results summary
| Title | Result | more |
| /home is a separate file system | pass | view |
| mount point /home is mounted with nosuid option | pass | view |
| mount point /home is mounted with nodev option | pass | view |
| mount point /home is mounted with usrquota option | fail | view |
| mount point /home is mounted with grpquota option | fail | view |
| /tmp is a separate file system of type tmpfs | pass | view |
| mount point /tmp is mounted with nosuid option | pass | view |
| mount point /tmp is mounted with nodev option | pass | view |
| mount point /tmp is mounted with noexec option | pass | view |
| file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin.*no | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^PubkeyAuthentication.*no | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*yes | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1.* | error | view |
| file /etc/ssh/sshd_config must have a line that matches ^Allow(Users|Groups).* | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no | error | view |
| file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes | error | view |
| file /etc/ssh/sshd_config may not have a line that matches ^StrictModes.*no | error | view |
| file /etc/cron.allow must have a line that matches [a-z0-9]* | pass | view |
| file /etc/at.allow must have a line that matches * | error | view |
| sysctl net.ipv4.ip_forward must be 0 | fail | view |
| sysctl net.ipv4.conf.all.rp_filter must be 1 | pass | view |
| sysctl net.ipv4.conf.default.rp_filter must be 1 | pass | view |
| sysctl net.ipv4.conf.all.accept_source_route must be 0 | pass | view |
| sysctl net.ipv4.conf.default.accept_source_route must be 0 | pass | view |
| sysctl net.ipv4.conf.all.accept_redirects must be 0 | pass | view |
| sysctl net.ipv4.conf.default.accept_redirects must be 0 | pass | view |
| sysctl net.ipv4.icmp_echo_ignore_broadcasts must be 1 | pass | view |
| sysctl net.ipv4.icmp_ignore_bogus_error_responses must be 1 | pass | view |
| sysctl net.ipv4.conf.all.log_martians must be 1 | pass | view |
| sysctl net.ipv4.conf.default.log_martians must be 1 | pass | view |
| file /boot/grub/grub.conf must have a line that matches ^password | error | view |
| file /etc/securetty may not have a line that matches (vc|pty) | error | view |
| file /etc/pam.d/system-auth must have a line that matches password.*pam_cracklib.so.*minlen | pass | view |
| gentoo variable USE must contain pam | pass | view |
| gentoo variable USE must contain tcpd | pass | view |
| gentoo variable USE must contain ssl | pass | view |
| gentoo profile must contain hardened | pass | view |
| gentoo variable GCC_SPECS must be | pass | view |
| kernel config CONFIG_GRKERNSEC_TPE must be y | fail | view |
| kernel config CONFIG_GRKERNSEC must be y | pass | view |
| kernel config CONFIG_PAX must be y | pass | view |
| kernel config CONFIG_PAX_NOEXEC must be y | pass | view |
| kernel config CONFIG_PAX_....EXEC must be y | pass | view |
| kernel config CONFIG_PAX_MPROTECT must be y | pass | view |
| kernel config CONFIG_PAX_ASLR must be y | pass | view |
| kernel config CONFIG_PAX_RANDKSTACK must be y | fail | view |
| kernel config CONFIG_PAX_RANDUSTACK must be y | pass | view |
| kernel config CONFIG_PAX_RANDMMAP must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_PROC must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_PROC_USER must be y | fail | view |
| kernel config CONFIG_GRKERNSEC_PROC_USERGROUP must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_PROC_ADD must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_LINK must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_FIFO must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_MOUNT must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_DOUBLE must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_PIVOT must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_CHDIR must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_CHMOD must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_FCHDIR must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_MKNOD must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_SHMAT must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_UNIX must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_FINDTASK must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_NICE must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_SYSCTL must be y | pass | view |
| kernel config CONFIG_GRKERNSEC_CHROOT_CAPS must be y | pass | view |
Result for /home is a separate file system
Result: pass
Rule ID: rule-partition-home
Time: 2011-12-23 21:50
/home is a separate file system
Result for mount point /home is mounted with nosuid option
Result: pass
Rule ID: rule-home-mount-nosuid
Time: 2011-12-23 21:50
mount point /home is mounted with nosuid option
Result for mount point /home is mounted with nodev option
Result: pass
Rule ID: rule-home-mount-nodev
Time: 2011-12-23 21:50
mount point /home is mounted with nodev option
Result for mount point /home is mounted with usrquota option
Result: fail
Rule ID: rule-home-mount-usrquota
Time: 2011-12-23 21:50
mount point /home is mounted with usrquota option
mount point /home is mounted with usrquota option
| mount point | device | fs type | mount options | mount options | mount options | mount options | mount options | mount options | mount options | mount options | mount options | total space | space used | space left |
| /home | /dev/mapper/volgrp-home | EXT4_SUPER_MAGIC | rw | seclabel | nosuid | nodev | noatime | user_xattr | barrier=1 | nodelalloc | data=journal | 15481855 | 5191617 | 10290238 |
Result for mount point /home is mounted with grpquota option
Result: fail
Rule ID: rule-home-mount-grpquota
Time: 2011-12-23 21:50
mount point /home is mounted with grpquota option
mount point /home is mounted with grpquota option
| mount point | device | fs type | mount options | mount options | mount options | mount options | mount options | mount options | mount options | mount options | mount options | total space | space used | space left |
| /home | /dev/mapper/volgrp-home | EXT4_SUPER_MAGIC | rw | seclabel | nosuid | nodev | noatime | user_xattr | barrier=1 | nodelalloc | data=journal | 15481855 | 5191617 | 10290238 |
Result for /tmp is a separate file system of type tmpfs
Result: pass
Rule ID: rule-partition-tmp
Time: 2011-12-23 21:50
/tmp is a separate file system of type tmpfs
Result for mount point /tmp is mounted with nosuid option
Result: pass
Rule ID: rule-tmp-mount-nosuid
Time: 2011-12-23 21:50
mount point /tmp is mounted with nosuid option
Result for mount point /tmp is mounted with nodev option
Result: pass
Rule ID: rule-tmp-mount-nodev
Time: 2011-12-23 21:50
mount point /tmp is mounted with nodev option
Result for mount point /tmp is mounted with noexec option
Result: pass
Rule ID: rule-tmp-mount-noexec
Time: 2011-12-23 21:50
mount point /tmp is mounted with noexec option
Result for file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin.*no
Result: error
Rule ID: rule-sshd-norootlogin
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin.*no
Result for file /etc/ssh/sshd_config may not have a line that matches ^PubkeyAuthentication.*no
Result: error
Rule ID: rule-sshd-pubkeyauth
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^PubkeyAuthentication.*no
Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*yes
Result: error
Rule ID: rule-sshd-nousepam
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*yes
Result for file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1.*
Result: error
Rule ID: rule-sshd-proto2
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1.*
Result for file /etc/ssh/sshd_config must have a line that matches ^Allow(Users|Groups).*
Result: error
Rule ID: rule-sshd-allowusergroup
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config must have a line that matches ^Allow(Users|Groups).*
Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no
Result: error
Rule ID: rule-sshd-usepriv
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no
Result for file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no
Result: error
Rule ID: rule-sshd-tcpforward
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no
Result for file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes
Result: error
Rule ID: rule-sshd-x11forward
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes
Result for file /etc/ssh/sshd_config may not have a line that matches ^StrictModes.*no
Result: error
Rule ID: rule-sshd-strictmodes
Time: 2011-12-23 21:50
file /etc/ssh/sshd_config may not have a line that matches ^StrictModes.*no
Result for file /etc/cron.allow must have a line that matches [a-z0-9]*
Result: pass
Rule ID: rule-cron-allow
Time: 2011-12-23 21:50
file /etc/cron.allow must have a line that matches [a-z0-9]*
Result for file /etc/at.allow must have a line that matches *
Result: error
Rule ID: rule-at-allow
Time: 2011-12-23 21:50
file /etc/at.allow must have a line that matches *
Result for sysctl net.ipv4.ip_forward must be 0
Result: fail
Rule ID: rule-sysctl-ipv4-forward
Time: 2011-12-23 21:50
sysctl net.ipv4.ip_forward must be 0
Remediation script
echo 0 > /proc/sys/net/ipv4/ip_forwardsysctl net.ipv4.ip_forward must be 0
| path | content |
| /proc/sys/net/ipv4/ip_forward | 1 |
Result for sysctl net.ipv4.conf.all.rp_filter must be 1
Result: pass
Rule ID: rule-sysctl-ipv4-all-rp_filter
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.all.rp_filter must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
Result for sysctl net.ipv4.conf.default.rp_filter must be 1
Result: pass
Rule ID: rule-sysctl-ipv4-default-rp_filter
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.default.rp_filter must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
Result for sysctl net.ipv4.conf.all.accept_source_route must be 0
Result: pass
Rule ID: rule-sysctl-ipv4-all-asr
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.all.accept_source_route must be 0
Remediation script
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
Result for sysctl net.ipv4.conf.default.accept_source_route must be 0
Result: pass
Rule ID: rule-sysctl-ipv4-default-asr
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.default.accept_source_route must be 0
Remediation script
echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
Result for sysctl net.ipv4.conf.all.accept_redirects must be 0
Result: pass
Rule ID: rule-sysctl-ipv4-all-aredirect
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.all.accept_redirects must be 0
Remediation script
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
Result for sysctl net.ipv4.conf.default.accept_redirects must be 0
Result: pass
Rule ID: rule-sysctl-ipv4-default-aredirect
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.default.accept_redirects must be 0
Remediation script
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
Result for sysctl net.ipv4.icmp_echo_ignore_broadcasts must be 1
Result: pass
Rule ID: rule-sysctl-ipv4-echobroadcast
Time: 2011-12-23 21:50
sysctl net.ipv4.icmp_echo_ignore_broadcasts must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
Result for sysctl net.ipv4.icmp_ignore_bogus_error_responses must be 1
Result: pass
Rule ID: rule-sysctl-icmpboguserror
Time: 2011-12-23 21:50
sysctl net.ipv4.icmp_ignore_bogus_error_responses must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
Result for sysctl net.ipv4.conf.all.log_martians must be 1
Result: pass
Rule ID: rule-sysctl-ipv4-all-logmartians
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.all.log_martians must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
Result for sysctl net.ipv4.conf.default.log_martians must be 1
Result: pass
Rule ID: rule-sysctl-ipv4-default-logmartians
Time: 2011-12-23 21:50
sysctl net.ipv4.conf.default.log_martians must be 1
Remediation script
echo 1 > /proc/sys/net/ipv4/conf/default/log_martians
Result for file /boot/grub/grub.conf must have a line that matches ^password
Result: error
Rule ID: rule-grub-password
Time: 2011-12-23 21:50
file /boot/grub/grub.conf must have a line that matches ^password
Result for file /etc/securetty may not have a line that matches (vc|pty)
Result: error
Rule ID: rule-securetty
Time: 2011-12-23 21:50
file /etc/securetty may not have a line that matches (vc|pty)
Result for file /etc/pam.d/system-auth must have a line that matches password.*pam_cracklib.so.*minlen
Result: pass
Rule ID: rule-pam-cracklib
Time: 2011-12-23 21:50
file /etc/pam.d/system-auth must have a line that matches password.*pam_cracklib.so.*minlen
Result for gentoo variable USE must contain pam
Result: pass
Rule ID: rule-gentoo-use-pam
Time: 2011-12-23 21:50
gentoo variable USE must contain pam
Result for gentoo variable USE must contain tcpd
Result: pass
Rule ID: rule-gentoo-use-tcpd
Time: 2011-12-23 21:50
gentoo variable USE must contain tcpd
Result for gentoo variable USE must contain ssl
Result: pass
Rule ID: rule-gentoo-use-ssl
Time: 2011-12-23 21:50
gentoo variable USE must contain ssl
Result for gentoo profile must contain hardened
Result: pass
Rule ID: rule-gentoo-profile-hardened
Time: 2011-12-23 21:50
gentoo profile must contain hardened
Remediation script
eselect profile set `eselect profile list | awk /${VALUE}/ {print $2; exit}`
Result for gentoo variable GCC_SPECS must be
Result: pass
Rule ID: rule-gentoo-gccspecs-empty
Time: 2011-12-23 21:50
gentoo variable GCC_SPECS must be
Result for kernel config CONFIG_GRKERNSEC_TPE must be y
Result: fail
Rule ID: rule-kernel-tpe
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_TPE must be y
kernel config CONFIG_GRKERNSEC_TPE must be y
| path | content |
| /home/swift/Development/Local/gentooscap/workdir/kernel-config | CONFIG_GRKERNSEC_TPE is not set |
Result for kernel config CONFIG_GRKERNSEC must be y
Result: pass
Rule ID: rule-kernel-grsec
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC must be y
Result for kernel config CONFIG_PAX must be y
Result: pass
Rule ID: rule-kernel-grsec-pax
Time: 2011-12-23 21:50
kernel config CONFIG_PAX must be y
Result for kernel config CONFIG_PAX_NOEXEC must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-noexec
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_NOEXEC must be y
Result for kernel config CONFIG_PAX_....EXEC must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-anyexec
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_....EXEC must be y
Result for kernel config CONFIG_PAX_MPROTECT must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-mprotect
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_MPROTECT must be y
Result for kernel config CONFIG_PAX_ASLR must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-aslr
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_ASLR must be y
Result for kernel config CONFIG_PAX_RANDKSTACK must be y
Result: fail
Rule ID: rule-kernel-grsec-pax-randkstack
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_RANDKSTACK must be y
kernel config CONFIG_PAX_RANDKSTACK must be y
| path | content |
| /home/swift/Development/Local/gentooscap/workdir/kernel-config | CONFIG_PAX_RANDKSTACK is not set |
Result for kernel config CONFIG_PAX_RANDUSTACK must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-randustack
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_RANDUSTACK must be y
Result for kernel config CONFIG_PAX_RANDMMAP must be y
Result: pass
Rule ID: rule-kernel-grsec-pax-randmmap
Time: 2011-12-23 21:50
kernel config CONFIG_PAX_RANDMMAP must be y
Result for kernel config CONFIG_GRKERNSEC_PROC must be y
Result: pass
Rule ID: rule-kernel-grsec-proc
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_PROC must be y
Result for kernel config CONFIG_GRKERNSEC_PROC_USER must be y
Result: fail
Rule ID: rule-kernel-grsec-proc-user
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_PROC_USER must be y
kernel config CONFIG_GRKERNSEC_PROC_USER must be y
| path | content |
| /home/swift/Development/Local/gentooscap/workdir/kernel-config | CONFIG_GRKERNSEC_PROC_USERGROUP=y |
Result for kernel config CONFIG_GRKERNSEC_PROC_USERGROUP must be y
Result: pass
Rule ID: rule-kernel-grsec-proc-usergroup
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_PROC_USERGROUP must be y
Result for kernel config CONFIG_GRKERNSEC_PROC_ADD must be y
Result: pass
Rule ID: rule-kernel-grsec-proc-add
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_PROC_ADD must be y
Result for kernel config CONFIG_GRKERNSEC_LINK must be y
Result: pass
Rule ID: rule-kernel-grsec-link
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_LINK must be y
Result for kernel config CONFIG_GRKERNSEC_FIFO must be y
Result: pass
Rule ID: rule-kernel-grsec-fifo
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_FIFO must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_MOUNT must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-mount
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_MOUNT must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_DOUBLE must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-double
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_DOUBLE must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_PIVOT must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-pivot
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_PIVOT must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_CHDIR must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-chdir
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_CHDIR must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_CHMOD must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-chmod
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_CHMOD must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_FCHDIR must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-fchdir
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_FCHDIR must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_MKNOD must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-mknod
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_MKNOD must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_SHMAT must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-shmat
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_SHMAT must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_UNIX must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-unix
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_UNIX must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_FINDTASK must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-findtask
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_FINDTASK must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_NICE must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-nice
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_NICE must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_SYSCTL must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-sysctl
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_SYSCTL must be y
Result for kernel config CONFIG_GRKERNSEC_CHROOT_CAPS must be y
Result: pass
Rule ID: rule-kernel-grsec-chroot-caps
Time: 2011-12-23 21:50
kernel config CONFIG_GRKERNSEC_CHROOT_CAPS must be y