Differences between revisions 18 and 19
Revision 18 as of 2014-08-30 11:58:07
Size: 3073
Editor: ?jmmdebian
Comment:
Revision 19 as of 2014-08-30 12:03:53
Size: 3348
Editor: ?jmmdebian
Comment:
Line 17: Line 17:
|| Stack Protector || <#00dd00>package list || ? ||
|| Heap Protector || ? || ? ||
|| Pointer Obfuscation || ? || ? ||
|| Stack ASLR || ? || ? ||
|| Libs/mmap ASLR || ? || ? ||
|| Exec ASLR || ? || ? ||
|| brk ASLR || ? || ? ||
|| VDSO ASLR || ? || ? ||
|| Built as PIE || ? || ? ||
|| Built with Fortify Source || ? || ? ||
|| Built with RELRO || ? || ? ||
|| Built with BIND_NOW || ? || ? ||
|| Stack Protector || yes, package list || yes, package list ||
|| Stack Protector (strong) || no || yes, package list
||
|| Heap Protector || glibc || glibc ||
|| Pointer Obfuscation || glibc || glibc ||
|| Stack ASLR || kernel || kernel ||
|| Libs/mmap ASLR || kernel || kernel ||
|| Exec ASLR || kernel || kernel ||
|| brk ASLR || kernel || kernel ||
|| VDSO ASLR || kernel || kernel ||
|| Built as PIE || yes, package list || yes, package list ||
|| Built with Fortify Source || yes, package list || yes, package list ||
|| Built with RELRO || yes, package list || yes, package list ||
|| Built with BIND_NOW || yes, package list || yes, package list ||
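Review bot: the filled-in rows from Stack Protector through Built with BIND_NOW drop the cell colour that the removed Stack Protector row carried (`<#00dd00>package list`), so the new cells are no longer marked against the By default / Available / Unimplemented legend; add the matching colour attribute to each cell that now has a value. The Stack Protector (strong) row also appears with its closing `||` on a separate line; keep it on the same line as the rest of the row.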
Line 42: Line 43:
|| Blacklist Rare Protocols || ? || ? || || Blacklist Rare Protocols || kernel || kernel ||

|| By default || Available || Unimplemented ||

|| feature || wheezy || jessie ||
|| No Open Ports || Minimal install does not listen on any ports || Minimal install does not listen on any ports ||
|| Password hashing || Manual Chapter 4. Authentication || Manual Chapter 4. Authentication ||
|| SYN cookies || Guide also #520668 || Guide also #520668 ||
|| Filesystem Capabilities || acl and CONFIG_EXT4_FS_SECURITY || acl and CONFIG_EXT4_FS_SECURITY ||
|| Configurable Firewall || iptables || iptables ||
|| Cloud PRNG seed || || ||
|| PR_SET_SECCOMP || By default. Examples 1 || By default. Examples 1 ||
|| AppArmor || AppArmor || AppArmor ||
|| SELinux || wiki || wiki ||
|| SMACK || Available since 2.6.25 kernel || Available since 2.6.25 kernel ||
|| Encrypted LVM || installation || installation ||
|| eCryptfs || ecryptfs-utils || ecryptfs-utils ||
|| Stack Protector || yes, package list || yes, package list ||
|| Stack Protector (strong) || no || yes, package list ||
|| Heap Protector || glibc || glibc ||
|| Pointer Obfuscation || glibc || glibc ||
|| Stack ASLR || kernel || kernel ||
|| Libs/mmap ASLR || kernel || kernel ||
|| Exec ASLR || kernel || kernel ||
|| brk ASLR || kernel || kernel ||
|| VDSO ASLR || kernel || kernel ||
|| Built as PIE || yes, package list || yes, package list ||
|| Built with Fortify Source || yes, package list || yes, package list ||
|| Built with RELRO || yes, package list || yes, package list ||
|| Built with BIND_NOW || yes, package list || yes, package list ||
|| Non-Executable Memory || ? || ? ||
|| /proc/$pid/maps protection || ? || ? ||
|| Symlink restrictions || kernel || kernel ||
|| Hardlink restrictions || kernel || kernel ||
|| ptrace scope || ? || ? ||
|| 0-address protection || kernel || kernel ||
|| /dev/mem protection || ? || ? ||
|| /dev/kmem disabled || ? || ? ||
|| Block module loading || ? || ? ||
|| Read-only data sections || ? || ? ||
|| Stack protector || ? || ? ||
|| Module RO/NX || ? || ? ||
|| Kernel Address Display Restriction || ? || ? ||
|| Blacklist Rare Protocols || kernel || kernel ||
|| Syscall Filtering || ? || ? ||
|| Block kexec || ? || ? ||