By default |
||
Available |
||
Unimplemented |
||
feature |
wheezy |
jessie |
No Open Ports |
Minimal install does not listen ports |
Minimal install does not listen ports |
Password hashing |
||
SYN cookies |
||
Filesystem Capabilities |
acl and CONFIG_EXT4_FS_SECURITY |
acl and CONFIG_EXT4_FS_SECURITY |
Configurable Firewall |
||
Cloud PRNG seed |
|
|
PR_SET_SECCOMP |
By default. Examples 1 |
By default. Examples 1 |
SELinux |
||
SMACK |
Available since 2.6.25 kernel |
Available since 2.6.25 kernel |
Encrypted LVM |
||
eCryptfs |
ecryptfs-utils |
ecryptfs-utils |
Stack Protector |
<#00dd00>package list |
? |
Heap Protector |
? |
? |
Pointer Obfuscation |
? |
? |
Stack ASLR |
? |
? |
Libs/mmap ASLR |
? |
? |
Exec ASLR |
? |
? |
brk ASLR |
? |
? |
VDSO ASLR |
? |
? |
Built as PIE |
? |
? |
Built with Fortify Source |
? |
? |
Built with RELRO |
? |
? |
Built with BIND_NOW |
? |
? |
Non-Executable Memory |
? |
? |
/proc/$pid/maps protection |
? |
? |
Symlink restrictions |
kernel |
kernel |
Hardlink restrictions |
kernel |
kernel |
ptrace scope |
? |
? |
0-address protection |
kernel |
kernel |
/dev/mem protection |
? |
? |
/dev/kmem disabled |
? |
? |
Block module loading |
? |
? |
Read-only data sections |
? |
? |
Stack protector |
? |
? |
Module RO/NX |
? |
? |
Kernel Address Display Restriction |
? |
? |
Blacklist Rare Protocols |
? |
? |
Syscall Filtering |
? |
? |
Block kexec |
? |
? |