By default

Available

Unimplemented

feature

wheezy

jessie

No Open Ports

?

?

Password hashing

?

?

SYN cookies

?

?

Filesystem Capabilities

?

?

Configurable Firewall

?

?

Cloud PRNG seed

?

?

PR_SET_SECCOMP

?

?

AppArmor

?

?

SELinux

?

?

SMACK

?

?

Encrypted LVM

installation

installation

eCryptfs

ecryptfs-utils

ecryptfs-utils

Stack Protector

?

?

Heap Protector

?

?

Pointer Obfuscation

?

?

Stack ASLR

?

?

Libs/mmap ASLR

?

?

Exec ASLR

?

?

brk ASLR

?

?

VDSO ASLR

?

?

Built as PIE

?

?

Built with Fortify Source

?

?

Built with RELRO

?

?

Built with BIND_NOW

?

?

Non-Executable Memory

?

?

/proc/$pid/maps protection

?

?

Symlink restrictions

?

?

Hardlink restrictions

?

?

ptrace scope

?

?

0-address protection

?

?

/dev/mem protection

?

?

/dev/kmem disabled

?

?

Block module loading

?

?

Read-only data sections

?

?

Stack protector

?

?

Module RO/NX

?

?

Kernel Address Display Restriction

?

?

Blacklist Rare Protocols

?

?

Syscall Filtering

?

?

Block kexec

?

?