Add a check to `_open`
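--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -26,7 +26,11 @@ def _open(file: str, *args, **kwargs):
 if file.endswith('.gz'):
 open_method = gzip.open
-return open_method(file, *args, **kwargs)
+try:
+return open_method(file, *args, **kwargs)
+except FileNotFoundError:
+sys.exit(f'[!] ERROR: unable to open {file}, are you sure it exists?')
+
 def detect_arch(fname, archs):
@@ -85,16 +89,16 @@ def print_unknown_options(checklist, parsed_options, opt_type):
 known_options = []
 for o1 in checklist:
-if o1.type != 'complex':
+if o1.opt_type != 'complex':
 known_options.append(o1.name)
 continue
 for o2 in o1.opts:
-if o2.type != 'complex':
+if o2.opt_type != 'complex':
 if hasattr(o2, 'name'):
 known_options.append(o2.name)
 continue
 for o3 in o2.opts:
-assert(o3.type != 'complex'), \
+assert(o3.opt_type != 'complex'), \
 f'unexpected ComplexOptCheck inside {o2.name}'
 if hasattr(o3, 'name'):
 known_options.append(o3.name)
@@ -219,8 +223,8 @@ def parse_sysctl_file(mode, parsed_options, fname):
 sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
 # let's check the presence of a sysctl option available for root
-if 'net.core.bpf_jit_harden' not in parsed_options and mode != 'json':
-print(f'[!] WARNING: sysctl option "net.core.bpf_jit_harden" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
+if 'kernel.cad_pid' not in parsed_options and mode != 'json':
+print(f'[!] WARNING: sysctl option "kernel.cad_pid" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
 def main():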
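Review bot: In `_open`, the new handler catches only `FileNotFoundError`, so a kconfig or sysctl dump that exists but cannot be read (`PermissionError`, `IsADirectoryError`) still ends in a traceback instead of the tool's `[!] ERROR` message. Catching the parent class and reporting the OS reason covers these cases: `except OSError as e:` followed by `sys.exit(f'[!] ERROR: unable to open {file}: {e.strerror}')`. The start of `_open` lies outside the hunk, so this assumes `open_method` defaults to the builtin `open`. Separately, `gzip.open` does not validate the gzip header at open time, so a corrupt or mislabelled `.gz` would presumably fail at the caller's first read, outside this `try`.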