Add some new sysctls (to remember them)
diff --git
a/kconfig-hardened-check.py
b/kconfig-hardened-check.py
index 7ec7a4b58c641e3f92c22c9c439ae8eb372f74e8..10c2997ad0802556b165df7925506340171f363c 100755
(executable)
--- a/
kconfig-hardened-check.py
+++ b/
kconfig-hardened-check.py
@@
-32,14
+32,19
@@
# kpti=on
# ssbd=force-on
#
# kpti=on
# ssbd=force-on
#
-# N.B. Hardening sysctl
'
s:
-# net.core.bpf_jit_harden
+# N.B. Hardening sysctls:
+# net.core.bpf_jit_harden
=2
# kptr_restrict=2
# kptr_restrict=2
+# vm.unprivileged_userfaultfd=0
+# kernel.perf_event_paranoid=3
+# kernel.yama.ptrace_scope=1
+# kernel.unprivileged_bpf_disabled=1
import sys
from argparse import ArgumentParser
from collections import OrderedDict
import re
import sys
from argparse import ArgumentParser
from collections import OrderedDict
import re
+import json
debug_mode = False # set it to True to print the unknown options from the config
json_mode = False # if True, print results in JSON format
debug_mode = False # set it to True to print the unknown options from the config
json_mode = False # if True, print results in JSON format
@@
-381,7
+386,7
@@
def print_checklist(checklist, with_results):
if with_results:
opt.append(o.result)
opts.append(opt)
if with_results:
opt.append(o.result)
opts.append(opt)
- print(
opts
)
+ print(
json.dumps(opts)
)
return
# header
return
# header
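Review bot: The new `# kernel.perf_event_paranoid=3` line in the first hunk's header comment gives no hint that level 3 depends on a distribution patch (as carried by Debian, Ubuntu and Android kernels). On an unpatched mainline kernel the value appears to behave the same as 2, so a reader who copies the list may believe unprivileged perf use is fully disabled when it is not. I would annotate it, for example `# kernel.perf_event_paranoid=3  (needs the distro patch; mainline treats it as 2)`. The comment could also note that `kernel.yama.ptrace_scope=1` only exists when Yama is built in, and that `kernel.unprivileged_bpf_disabled=1` cannot be switched back without a reboot. The header comment block starts above the hunk, so the wording should follow whatever convention the earlier entries use.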