3073
Comment:
|
3348
|
Deletions are marked like this. | Additions are marked like this. |
Line 17: | Line 17: |
|| Stack Protector || <#00dd00>package list || ? || || Heap Protector || ? || ? || || Pointer Obfuscation || ? || ? || || Stack ASLR || ? || ? || || Libs/mmap ASLR || ? || ? || || Exec ASLR || ? || ? || || brk ASLR || ? || ? || || VDSO ASLR || ? || ? || || Built as PIE || ? || ? || || Built with Fortify Source || ? || ? || || Built with RELRO || ? || ? || || Built with BIND_NOW || ? || ? || |
|| Stack Protector || yes, package list || yes, package list || || Stack Protector (strong) || no || yes, package list || || Heap Protector || glibc || glibc || || Pointer Obfuscation || glibc || glibc || || Stack ASLR || kernel || kernel || || Libs/mmap ASLR || kernel || kernel || || Exec ASLR || kernel || kernel || || brk ASLR || kernel || kernel || || VDSO ASLR || kernel || kernel || || Built as PIE || yes, package list || yes, package list || || Built with Fortify Source || yes, package list || yes, package list || || Built with RELRO || yes, package list || yes, package list || || Built with BIND_NOW || yes, package list || yes, package list || |
Line 42: | Line 43: |
|| Blacklist Rare Protocols || ? || ? || | || Blacklist Rare Protocols || kernel || kernel || |
By default |
||
Available |
||
Unimplemented |
||
feature |
wheezy |
jessie |
No Open Ports |
Minimal install does not listen ports |
Minimal install does not listen ports |
Password hashing |
||
SYN cookies |
||
Filesystem Capabilities |
acl and CONFIG_EXT4_FS_SECURITY |
acl and CONFIG_EXT4_FS_SECURITY |
Configurable Firewall |
||
Cloud PRNG seed |
|
|
PR_SET_SECCOMP |
By default. Examples 1 |
By default. Examples 1 |
SELinux |
||
SMACK |
Available since 2.6.25 kernel |
Available since 2.6.25 kernel |
Encrypted LVM |
||
eCryptfs |
ecryptfs-utils |
ecryptfs-utils |
Stack Protector |
yes, package list |
yes, package list |
Stack Protector (strong) |
no |
yes, package list |
Heap Protector |
glibc |
glibc |
Pointer Obfuscation |
glibc |
glibc |
Stack ASLR |
kernel |
kernel |
Libs/mmap ASLR |
kernel |
kernel |
Exec ASLR |
kernel |
kernel |
brk ASLR |
kernel |
kernel |
VDSO ASLR |
kernel |
kernel |
Built as PIE |
yes, package list |
yes, package list |
Built with Fortify Source |
yes, package list |
yes, package list |
Built with RELRO |
yes, package list |
yes, package list |
Built with BIND_NOW |
yes, package list |
yes, package list |
Non-Executable Memory |
? |
? |
/proc/$pid/maps protection |
? |
? |
Symlink restrictions |
kernel |
kernel |
Hardlink restrictions |
kernel |
kernel |
ptrace scope |
? |
? |
0-address protection |
kernel |
kernel |
/dev/mem protection |
? |
? |
/dev/kmem disabled |
? |
? |
Block module loading |
? |
? |
Read-only data sections |
? |
? |
Stack protector |
? |
? |
Module RO/NX |
? |
? |
Kernel Address Display Restriction |
? |
? |
Blacklist Rare Protocols |
kernel |
kernel |
Syscall Filtering |
? |
? |
Block kexec |
? |
? |