checklist.append(OptCheck('DEBUG_FS', 'is not set', 'grsecurity', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('NOTIFIER_ERROR_INJECTION','is not set', 'grsecurity', 'cut_attack_surface'))
checklist.append(OptCheck('DEBUG_FS', 'is not set', 'grsecurity', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('NOTIFIER_ERROR_INJECTION','is not set', 'grsecurity', 'cut_attack_surface'))
+ checklist.append(OptCheck('DRM_LEGACY', 'is not set', 'maintainer', 'cut_attack_surface'))
+ checklist.append(OptCheck('FB', 'is not set', 'maintainer', 'cut_attack_surface'))
+ checklist.append(OptCheck('VT', 'is not set', 'maintainer', 'cut_attack_surface'))
+
checklist.append(OptCheck('ACPI_TABLE_UPGRADE', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('X86_IOPL_IOPERM', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('EFI_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('ACPI_TABLE_UPGRADE', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('X86_IOPL_IOPERM', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('EFI_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
parser.add_argument('-p', '--print', choices=supported_archs,
help='print hardening preferences for selected architecture')
parser.add_argument('-c', '--config',
parser.add_argument('-p', '--print', choices=supported_archs,
help='print hardening preferences for selected architecture')
parser.add_argument('-c', '--config',
help='enable verbose debug mode')
parser.add_argument('--json', action='store_true',
help='print results in JSON format')
help='enable verbose debug mode')
parser.add_argument('--json', action='store_true',
help='print results in JSON format')