From b9dc7fa24e51b914c50ba273f289bd3cff1c785e Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue, 21 Jan 2020 19:49:54 +0000
Subject: [PATCH 1/3] Disable INET socket monitoring interface
---
 usr/share/hardened-kernel/hardened-vm-kernel | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/usr/share/hardened-kernel/hardened-vm-kernel b/usr/share/hardened-kernel/hardened-vm-kernel
index 5d8c1f4..de38187 100644
--- a/usr/share/hardened-kernel/hardened-vm-kernel
+++ b/usr/share/hardened-kernel/hardened-vm-kernel
@@ -981,11 +981,7 @@ CONFIG_INET_TUNNEL=m
 CONFIG_INET_XFRM_MODE_TRANSPORT=m
 CONFIG_INET_XFRM_MODE_TUNNEL=m
 CONFIG_INET_XFRM_MODE_BEET=m
-CONFIG_INET_DIAG=m
-CONFIG_INET_TCP_DIAG=m
-CONFIG_INET_UDP_DIAG=m
-CONFIG_INET_RAW_DIAG=m
-CONFIG_INET_DIAG_DESTROY=y
+# CONFIG_INET_DIAG is not set
 CONFIG_TCP_CONG_ADVANCED=y
 CONFIG_TCP_CONG_BIC=m
 CONFIG_TCP_CONG_CUBIC=y
From f7ea3bea65395f9a09493d5480faecda2d145834 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue, 21 Jan 2020 19:50:27 +0000
Subject: [PATCH 2/3] Disable INET socket monitoring interface
---
 usr/share/hardened-kernel/hardened-host-kernel | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/usr/share/hardened-kernel/hardened-host-kernel b/usr/share/hardened-kernel/hardened-host-kernel
index 468530d..cfac26e 100644
--- a/usr/share/hardened-kernel/hardened-host-kernel
+++ b/usr/share/hardened-kernel/hardened-host-kernel
@@ -1036,11 +1036,7 @@ CONFIG_INET_TUNNEL=m
 CONFIG_INET_XFRM_MODE_TRANSPORT=m
 CONFIG_INET_XFRM_MODE_TUNNEL=m
 CONFIG_INET_XFRM_MODE_BEET=m
-CONFIG_INET_DIAG=m
-CONFIG_INET_TCP_DIAG=m
-CONFIG_INET_UDP_DIAG=m
-CONFIG_INET_RAW_DIAG=m
-CONFIG_INET_DIAG_DESTROY=y
+# CONFIG_INET_DIAG is not set
 CONFIG_TCP_CONG_ADVANCED=y
 CONFIG_TCP_CONG_BIC=m
 CONFIG_TCP_CONG_CUBIC=y
From d1b0bc2f47687bb25f5359cd91df7b0e22d347e4 Mon Sep 17 00:00:00 2001
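Review bot: Neither the commit message nor the config records why CONFIG_INET_DIAG is turned off in hardened-vm-kernel, and the identical hunk in hardened-host-kernel (PATCH 2/3) has the same gap. If the aim is to shrink the sock_diag netlink surface, it is worth confirming whether the sibling symbols `CONFIG_UNIX_DIAG`, `CONFIG_PACKET_DIAG` and `CONFIG_NETLINK_DIAG` are still enabled elsewhere in these files, which the hunk does not show. Socket tables normally remain readable through /proc/net, so this change reduces the kernel code reachable over netlink rather than hiding connection data. A one-line rationale in the commit body or project docs, e.g. `Disable inet_diag to reduce netlink attack surface; ss falls back to /proc/net`, would make the intent reviewable.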
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Tue, 21 Jan 2020 19:51:21 +0000
Subject: [PATCH 3/3] Enable socket monitoring interface in debug config
---
 usr/share/hardened-kernel/debugging-config | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/usr/share/hardened-kernel/debugging-config b/usr/share/hardened-kernel/debugging-config
index 6f2dbc2..38b4740 100644
--- a/usr/share/hardened-kernel/debugging-config
+++ b/usr/share/hardened-kernel/debugging-config
@@ -116,3 +116,9 @@ CONFIG_DEBUG_BOOT_PARAMS=n
 CONFIG_COREDUMP=y
 CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
 CONFIG_ELF_CORE=y
+
+CONFIG_INET_DIAG=m
+CONFIG_INET_TCP_DIAG=m
+CONFIG_INET_UDP_DIAG=m
+CONFIG_INET_RAW_DIAG=m
+CONFIG_INET_DIAG_DESTROY=y
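Review bot: `CONFIG_INET_DIAG_DESTROY=y` is carried into debugging-config with the monitoring modules, but it is not a monitoring option: it adds the SOCK_DESTROY operation, which lets a privileged process close sockets owned by other processes. Listing sockets through the *_DIAG modules does not need it, so a debug build would expose less with it left off, e.g. `CONFIG_INET_DIAG_DESTROY=n` in the `=n` style this fragment already uses for CONFIG_DEBUG_BOOT_PARAMS. A comment above the group such as `# sock_diag interface for ss; debug builds only` would also record why these settings differ from the hardened configs.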