#Chdir logging
kernel.grsecurity.audit_chdir
#Single group for auditing
kernel.grsecurity.audit_gid
#Single group for auditing
kernel.grsecurity.audit_group
#(Un)Mount logging
kernel.grsecurity.audit_mount
#Ptrace logging
kernel.grsecurity.audit_ptrace
#Log execs within chroot
kernel.grsecurity.chroot_execlog
#Exec logging
kernel.grsecurity.exec_logging
#Fork failure logging
kernel.grsecurity.forkfail_logging
#Resource logging
kernel.grsecurity.resource_logging
#Denied RWX mmap/mprotect logging
kernel.grsecurity.rwxmap_logging
#Signal logging
kernel.grsecurity.signal_logging
#Time change logging
kernel.grsecurity.timechange_logging
#Capability restrictions
kernel.grsecurity.chroot_caps
#Deny bad renames
kernel.grsecurity.chroot_deny_bad_rename
#Deny (f)chmod +s
kernel.grsecurity.chroot_deny_chmod
#Deny double-chroots
kernel.grsecurity.chroot_deny_chroot
#Deny fchdir and fhandle out of chroot
kernel.grsecurity.chroot_deny_fchdir
#Deny mknod
kernel.grsecurity.chroot_deny_mknod
#Deny mounts
kernel.grsecurity.chroot_deny_mount
#Deny pivot_root in chroot
kernel.grsecurity.chroot_deny_pivot
#Deny shmat() out of chroot
kernel.grsecurity.chroot_deny_shmat
#Deny sysctl writes
kernel.grsecurity.chroot_deny_sysctl
#Deny access to abstract AF_UNIX sockets out of chroot
kernel.grsecurity.chroot_deny_unix
#Enforce chdir(
kernel.grsecurity.chroot_enforce_chdir
#Protect outside processes
kernel.grsecurity.chroot_findtask
#Restrict priority changes
kernel.grsecurity.chroot_restrict_nice
#Disallow access to overly-permissive IPC objects
kernel.grsecurity.harden_ipc
#TCP/UDP blackhole and LAST_ACK DoS prevention
kernel.grsecurity.ip_blackhole
#Deny any sockets to group
kernel.grsecurity.socket_all
#Deny any sockets to group
kernel.grsecurity.socket_all_gid
#Deny client sockets to group
kernel.grsecurity.socket_client
#Deny client sockets to group
kernel.grsecurity.socket_client_gid
#Deny server sockets to group
kernel.grsecurity.socket_server
#Deny server sockets to group
kernel.grsecurity.socket_server_gid
#Enforce consistent multithreaded privileges
kernel.grsecurity.consistent_setxid
#Deter exploit bruteforcing
kernel.grsecurity.deter_bruteforce
#Disable privileged I/O
kernel.grsecurity.disable_priv_io
#Dmesg(8) restriction
kernel.grsecurity.dmesg
#Kernel-enforced SymlinksIfOwnerMatch
kernel.grsecurity.enforce_symlinksifowner
#FIFO restrictions
kernel.grsecurity.fifo_restrictions
#Deter ptrace-based process snooping
kernel.grsecurity.harden_ptrace
#TCP/UDP blackhole and LAST_ACK DoS prevention
kernel.grsecurity.lastack_retries
#Linking restrictions
kernel.grsecurity.linking_restrictions
#Require read access to ptrace sensitive binaries
kernel.grsecurity.ptrace_readexec
#Runtime read-only mount protection
kernel.grsecurity.romount_protect
#Kernel-enforced SymlinksIfOwnerMatch
kernel.grsecurity.symlinkown_gid
#Trusted Path Execution (TPE)
kernel.grsecurity.tpe
#Trusted Path Execution (TPE)
kernel.grsecurity.tpe_gid
#Invert GID option
kernel.grsecurity.tpe_invert
#Partially restrict all non-root users
kernel.grsecurity.tpe_restrict_all
#Pax softmode - Changing this is not recommended!
kernel.pax.softmode
#Lock a grsec sysctl on a running system
kernel.grsecurity.grsec_lock