+ -c CONFIG, --config CONFIG
+ check the security hardening options in the kernel Kconfig file
+ (also supports *.gz files)
+ -l CMDLINE, --cmdline CMDLINE
+ check the security hardening options in the kernel cmdline file
+ (contents of /proc/cmdline)
+ -s SYSCTL, --sysctl SYSCTL
+ check the security hardening options in the sysctl output file
+ (`sudo sysctl -a > file`)
+ -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
+ print the security hardening recommendations for the selected
+ microarchitecture
+ -g {X86_64,X86_32,ARM64,ARM}, --generate {X86_64,X86_32,ARM64,ARM}
+ generate a Kconfig fragment with the security hardening options
+ for the selected microarchitecture