Add some new sysctls (to remember them)
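--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -32,9 +32,13 @@
 # kpti=on
 # ssbd=force-on
 #
-# N.B. Hardening sysctl's:
-# net.core.bpf_jit_harden
+# N.B. Hardening sysctls:
+# net.core.bpf_jit_harden=2
 # kptr_restrict=2
+# vm.unprivileged_userfaultfd=0
+# kernel.perf_event_paranoid=3
+# kernel.yama.ptrace_scope=1
+# kernel.unprivileged_bpf_disabled=1
 
 import sys
 from argparse import ArgumentParser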
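Review bot: The added `kernel.perf_event_paranoid=3` entry in the sysctl comment list needs a caveat. As far as I know, mainline kernels define levels only up to 2, and 3 takes effect only on kernels carrying the distribution patch (Debian, Ubuntu and Android ship it), so elsewhere it restricts nothing beyond 2. Similarly, `kernel.yama.ptrace_scope` exists only when the Yama LSM is built and enabled. A one-line remark would cover both, for example `# (perf_event_paranoid=3 needs a distro-patched kernel; ptrace_scope needs Yama)`. As a style point, `kptr_restrict=2` is listed without its namespace while the new lines use full names; `# kernel.kptr_restrict=2` would make the whole list usable as-is in a sysctl.conf.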