- -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
- choose the report mode
+ (contents of /proc/cmdline)
+ -s SYSCTL, --sysctl SYSCTL
+ check the security hardening options in the sysctl output file
+ (`sudo sysctl -a > file`)
+ -v VERSION, --kernel-version VERSION
+ extract the version from the kernel version file
+ (contents of /proc/version)
+ -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
+ print the security hardening recommendations for the selected
+ microarchitecture
+ -g {X86_64,X86_32,ARM64,ARM}, --generate {X86_64,X86_32,ARM64,ARM}
+ generate a Kconfig fragment with the security hardening options
+ for the selected microarchitecture