Bruy V.V., Karlov S.V. - Linux server - step-by-step instructions - installation and configuration (1077321), page 31
Part 1. Installing the Linux operating system on the server
Chapter 6. Kernel security and optimization

OS/2 HPFS file system support (CONFIG_HPFS_FS) [N/y/m/?] <Enter>
/proc file system support (CONFIG_PROC_FS) [Y/n/?] <Enter>
/dev/pts file system for Unix98 PTYs (CONFIG_DEVPTS_FS) [Y/n/?] <Enter>
ROM file system support (CONFIG_ROMFS_FS) [N/y/m/?] <Enter>
Second extended fs support (CONFIG_EXT2_FS) [Y/m/n/?] <Enter>
System V/Xenix/V7/Coherent file system support (CONFIG_SYSV_FS) [N/y/m/?] <Enter>
UDF file system support (read only) (CONFIG_UDF_FS) [N/y/m/?] <Enter>
UFS file system support (read only) (CONFIG_UFS_FS) [N/y/m/?] <Enter>
*
* Network File Systems
*
Coda file system support (advanced network fs) (CONFIG_CODA_FS) [N/y/m/?] <Enter>
NFS file system support (CONFIG_NFS_FS) [Y/m/n/?] <n>
NFS server support (CONFIG_NFSD) [Y/m/n/?] n
SMB file system support (to mount Windows shares etc.) (CONFIG_SMB_FS) [N/y/m/?] <Enter>
NCP file system support (to mount NetWare volumes) (CONFIG_NCP_FS) [N/y/m/?] <Enter>
*
* Partition Types
*
Advanced partition selection (CONFIG_PARTITION_ADVANCED) [N/y/?] <Enter>
*
* Native Language Support
*
Default NLS Option (CONFIG_NLS_DEFAULT) [ISO8859-1] (NEW) <Enter>
Codepage 437 (United States, Canada) (CONFIG_NLS_CODEPAGE_437) [N/y/m/?] (NEW) <Enter>
Codepage 737 (Greek) (CONFIG_NLS_CODEPAGE_737) [N/y/m/?] (NEW) <Enter>
Codepage 775 (Baltic Rim) (CONFIG_NLS_CODEPAGE_775) [N/y/m/?] (NEW) <Enter>
Codepage 850 (Europe) (CONFIG_NLS_CODEPAGE_850) [N/y/m/?] (NEW) <Enter>
Codepage 852 (Central/Eastern Europe) (CONFIG_NLS_CODEPAGE_852) [N/y/m/?] (NEW) <Enter>
Codepage 855 (Cyrillic) (CONFIG_NLS_CODEPAGE_855) [N/y/m/?] (NEW) <Enter>
Codepage 857 (Turkish) (CONFIG_NLS_CODEPAGE_857) [N/y/m/?] (NEW) <Enter>
Codepage 860 (Portuguese) (CONFIG_NLS_CODEPAGE_860) [N/y/m/?] (NEW) <Enter>
Codepage 861 (Icelandic) (CONFIG_NLS_CODEPAGE_861) [N/y/m/?] (NEW) <Enter>
Codepage 862 (Hebrew) (CONFIG_NLS_CODEPAGE_862) [N/y/m/?] (NEW) <Enter>
Codepage 863 (Canadian French) (CONFIG_NLS_CODEPAGE_863) [N/y/m/?] (NEW) <Enter>
Codepage 864 (Arabic) (CONFIG_NLS_CODEPAGE_864) [N/y/m/?] (NEW) <Enter>
Codepage 865 (Norwegian, Danish) (CONFIG_NLS_CODEPAGE_865) [N/y/m/?] (NEW) <Enter>
Codepage 866 (Cyrillic/Russian) (CONFIG_NLS_CODEPAGE_866) [N/y/m/?] (NEW) <y>
Codepage 869 (Greek) (CONFIG_NLS_CODEPAGE_869) [N/y/m/?] (NEW) <Enter>
Simplified Chinese charset (CP936, GB2312) (CONFIG_NLS_CODEPAGE_936) [N/y/m/?] (NEW) <Enter>
Traditional Chinese charset (Big5) (CONFIG_NLS_CODEPAGE_950) [N/y/m/?] (NEW) <Enter>
Japanese charsets (Shift-JIS, EUC-JP) (CONFIG_NLS_CODEPAGE_932) [N/y/m/?] (NEW) <Enter>
Korean charset (CP949, EUC-KR) (CONFIG_NLS_CODEPAGE_949) [N/y/m/?] (NEW) <Enter>
Thai charset (CP874, TIS-620) (CONFIG_NLS_CODEPAGE_874) [N/y/m/?] (NEW) <Enter>
Hebrew charsets (ISO-8859-8, CP1255) (CONFIG_NLS_ISO8859_8) [N/y/m/?] (NEW) <Enter>
Windows CP1250 (Slavic/Central European Languages) (CONFIG_NLS_CODEPAGE_1250) [N/y/m/?] (NEW) <Enter>
Windows CP1251 (Bulgarian, Belarusian) (CONFIG_NLS_CODEPAGE_1251) [N/y/m/?] (NEW) <y>
NLS ISO 8859-1 (Latin 1; Western European Languages) (CONFIG_NLS_ISO8859_1) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-2 (Latin 2; Slavic/Central European Languages) (CONFIG_NLS_ISO8859_2) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-3 (Latin 3; Esperanto, Galician, Maltese, Turkish) (CONFIG_NLS_ISO8859_3) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-4 (Latin 4; old Baltic charset) (CONFIG_NLS_ISO8859_4) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-5 (Cyrillic) (CONFIG_NLS_ISO8859_5) [N/y/m/?] (NEW) <y>
NLS ISO 8859-6 (Arabic) (CONFIG_NLS_ISO8859_6) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-7 (Modern Greek) (CONFIG_NLS_ISO8859_7) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-9 (Latin 5; Turkish) (CONFIG_NLS_ISO8859_9) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-13 (Latin 7; Baltic) (CONFIG_NLS_ISO8859_13) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-14 (Latin 8; Celtic) (CONFIG_NLS_ISO8859_14) [N/y/m/?] (NEW) <Enter>
NLS ISO 8859-15 (Latin 9; Western European Languages with Euro) (CONFIG_NLS_ISO8859_15) [N/y/m/?] (NEW) <Enter>
NLS KOI8-R (Russian) (CONFIG_NLS_KOI8_R) [N/y/m/?] (NEW) <Enter>
NLS KOI8-U/RU (Ukrainian, Belarusian) (CONFIG_NLS_KOI8_U) [N/y/m/?] (NEW) <Enter>
NLS UTF8 (CONFIG_NLS_UTF8) [N/y/m/?] (NEW) <Enter>
*
* Console drivers
*
VGA text console (CONFIG_VGA_CONSOLE) [Y/n/?] <Enter>
Video mode selection support (CONFIG_VIDEO_SELECT) [N/y/?] <Enter>
*
* Sound
*
Sound card support (CONFIG_SOUND) [Y/m/n/?] <n>
*
* USB support
*
Support for USB (CONFIG_USB) [Y/m/n/?] <n>
*
* USB Controllers
*
*
* USB Device Class drivers
*
*
* SCSI support is needed for USB Storage
*
*
* USB Human Interface Devices (HID)
*
*
* Input core support is needed for USB HID
*
*
* USB Imaging devices
*
*
* USB Multimedia devices
*
*
* Video4Linux support is needed for USB Multimedia device support
*
*
* USB Network adapters
*
*
* USB port drivers
*
*
* USB Serial Converter support
*
*
* USB Miscellaneous drivers
*
*
* Kernel hacking
*
Kernel debugging (CONFIG_DEBUG_KERNEL) [N/y/?] <Enter>
*
* Grsecurity
*
Grsecurity (CONFIG_GRKERNSEC) [N/y/?] <y>
Security level (Low, Medium, High, Customized) [Customized] <Enter>
*
* Buffer Overflow Protection
*
Openwall non-executable stack (CONFIG_GRKERNSEC_STACK) [N/y/?] <y>
Gcc trampoline support (CONFIG_GRKERNSEC_STACK_GCC) [N/y/?] <Enter>
Read-only kernel memory (CONFIG_GRKERNSEC_KMEM) [N/y/?] <y>
*
* Access Control Lists
*
Grsecurity ACL system (CONFIG_GRKERNSEC_ACL) [N/y/?] <y>
ACL Debugging Messages (CONFIG_GR_DEBUG) [N/y/?] <y>
Extra ACL Debugging Messages (CONFIG_GR_SUPERDEBUG) [N/y/?] <Enter>
Denied capability logging (CONFIG_GRKERNSEC_ACL_CAPLOG) [N/y/?] <y>
Path to gradm (CONFIG_GRADM_PATH) [/sbin/gradm] <Enter>
Maximum tries before password lockout (CONFIG_GR_MAXTRIES) [3] 2
Time to wait after max password tries, in seconds (CONFIG_GR_TIMEOUT) [30] <Enter>
*
* Filesystem Protections
*
Proc restrictions (CONFIG_GRKERNSEC_PROC) [N/y/?] <y>
Restrict to user only (CONFIG_GRKERNSEC_PROC_USER) [N/y/?] <y>
Additional restrictions (CONFIG_GRKERNSEC_PROC_ADD) [N/y/?] <y>
Linking restrictions (CONFIG_GRKERNSEC_LINK) [N/y/?] <y>
FIFO restrictions (CONFIG_GRKERNSEC_FIFO) [N/y/?] <y>
Secure file descriptors (CONFIG_GRKERNSEC_FD) [N/y/?] <y>
Chroot-jail restrictions (CONFIG_GRKERNSEC_CHROOT) [N/y/?] <y>
Restricted signals (CONFIG_GRKERNSEC_CHROOT_SIG) [N/y/?] <y>
Deny mounts (CONFIG_GRKERNSEC_CHROOT_MOUNT) [N/y/?] <y>
Deny double-chroots (CONFIG_GRKERNSEC_CHROOT_DOUBLE) [N/y/?] <y>
Enforce chdir("/") on all chroots (CONFIG_GRKERNSEC_CHROOT_CHDIR) [N/y/?] <y>
Deny (f)chmod +s (CONFIG_GRKERNSEC_CHROOT_CHMOD) [N/y/?] <y>
Deny mknod (CONFIG_GRKERNSEC_CHROOT_MKNOD) [N/y/?] <y>
Deny ptraces (CONFIG_GRKERNSEC_CHROOT_PTRACE) [N/y/?] <y>
Restrict priority changes (CONFIG_GRKERNSEC_CHROOT_NICE) [N/y/?] <y>
Capability restrictions within chroot (CONFIG_GRKERNSEC_CHROOT_CAPS) [N/y/?] <Enter>
Secure keymap loading (CONFIG_GRKERNSEC_KBMAP) [N/y/?] <y>
*
* Kernel Auditing
*
Single group for auditing (CONFIG_GRKERNSEC_AUDIT_GROUP) [N/y/?] <Enter>
Exec logging (CONFIG_GRKERNSEC_EXECLOG) [N/y/?] <Enter>
Log execs within chroot (CONFIG_GRKERNSEC_CHROOT_EXECLOG) [N/y/?] <y>
Chdir logging (CONFIG_GRKERNSEC_AUDIT_CHDIR) [N/y/?] <Enter>
(Un)Mount logging (CONFIG_GRKERNSEC_AUDIT_MOUNT) [N/y/?] <Enter>
IPC logging (CONFIG_GRKERNSEC_AUDIT_IPC) [N/y/?] <y>
Ptrace logging (CONFIG_GRKERNSEC_AUDIT_PTRACE) [N/y/?] <Enter>
Signal logging (CONFIG_GRKERNSEC_SIGNAL) [N/y/?] <y>
Fork failure logging (CONFIG_GRKERNSEC_FORKFAIL) [N/y/?] <y>
Set*id logging (CONFIG_GRKERNSEC_SUID) [N/y/?] <Enter>
Log set*ids to root (CONFIG_GRKERNSEC_SUID_ROOT) [N/y/?] <y>
Time change logging (CONFIG_GRKERNSEC_TIME) [N/y/?] <y>
*
* Executable Protections
*
Exec process limiting (CONFIG_GRKERNSEC_EXECVE) [N/y/?] <y>
Dmesg(8) restriction (CONFIG_GRKERNSEC_DMESG) [N/y/?] <y>
Randomized PIDs (CONFIG_GRKERNSEC_RANDPID) [N/y/?] <y>
Altered default IPC permissions (CONFIG_GRKERNSEC_IPC) [N/y/?] <Enter>
Limit uid/gid changes to root (CONFIG_GRKERNSEC_TTYROOT) [N/y/?] <y>
Deny physical consoles (tty) (CONFIG_GRKERNSEC_TTYROOT_PHYS) [N/y/?] <Enter>
Deny serial consoles (ttyS) (CONFIG_GRKERNSEC_TTYROOT_SERIAL) [N/y/?] <y>
Deny pseudo consoles (pty) (CONFIG_GRKERNSEC_TTYROOT_PSEUDO) [N/y/?] <Enter>
Fork-bomb protection (CONFIG_GRKERNSEC_FORKBOMB) [N/y/?] <y>
GID for restricted users (CONFIG_GRKERNSEC_FORKBOMB_GID) [1006] <Enter>
Forks allowed per second (CONFIG_GRKERNSEC_FORKBOMB_SEC) [40] <Enter>
Maximum processes allowed (CONFIG_GRKERNSEC_FORKBOMB_MAX) [20] 33
Trusted path execution (CONFIG_GRKERNSEC_TPE) [N/y/?] <y>
Glibc protection (CONFIG_GRKERNSEC_TPE_GLIBC) [N/y/?] <y>
Partially restrict non-root users (CONFIG_GRKERNSEC_TPE_ALL) [N/y/?] <y>
GID for untrusted users: (CONFIG_GRKERNSEC_TPE_GID) [1005] <Enter>
Restricted ptrace (CONFIG_GRKERNSEC_PTRACE) [N/y/?] <y>
Allow ptrace for group (CONFIG_GRKERNSEC_PTRACE_GROUP) [N/y/?] <Enter>
*
* Network Protections
*
Randomized IP IDs (CONFIG_GRKERNSEC_RANDID) [N/y/?] <y>
Randomized TCP source ports (CONFIG_GRKERNSEC_RANDSRC) [N/y/?] <y>
Randomized RPC XIDs (CONFIG_GRKERNSEC_RANDRPC) [N/y/?] <y>
Altered Ping IDs (CONFIG_GRKERNSEC_RANDPING) [N/y/?] <y>
Randomized TTL (CONFIG_GRKERNSEC_RANDTTL) [N/y/?] <y>
Socket restrictions (CONFIG_GRKERNSEC_SOCKET) [N/y/?] <y>
Deny any sockets to group (CONFIG_GRKERNSEC_SOCKET_ALL) [N/y/?] <y>
GID to deny all sockets for: (CONFIG_GRKERNSEC_SOCKET_ALL_GID) [1004] <Enter>
Deny client sockets to group (CONFIG_GRKERNSEC_SOCKET_CLIENT) [N/y/?] <Enter>
Deny server sockets to group (CONFIG_GRKERNSEC_SOCKET_SERVER) [N/y/?] <Enter>
*
* Sysctl support
*
Sysctl support (CONFIG_GRKERNSEC_SYSCTL) [N/y/?] <Enter>
*
* Miscellaneous Features
*
Seconds in between log messages (minimum) (CONFIG_GRKERNSEC_FLOODTIME) [30] <Enter>
BSD-style coredumps (CONFIG_GRKERNSEC_COREDUMP) [N/y/?] <y>
*** End of Linux kernel configuration.
*** Check the top-level Makefile for additional configuration.
*** Next, you must run 'make dep'.