projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add a check to `_open`
[kconfig-hardened-check.git]
/
kernel_hardening_checker
/
__init__.py
diff --git
a/kernel_hardening_checker/__init__.py
b/kernel_hardening_checker/__init__.py
index 89c24f71e44fbf87f6e128c67fa4608c77906fb5..286f420ea5c016f72529647e44896223f65695de 100644
(file)
--- a/
kernel_hardening_checker/__init__.py
+++ b/
kernel_hardening_checker/__init__.py
@@
-26,7
+26,11
@@
def _open(file: str, *args, **kwargs):
if file.endswith('.gz'):
open_method = gzip.open
if file.endswith('.gz'):
open_method = gzip.open
- return open_method(file, *args, **kwargs)
+ try:
+ return open_method(file, *args, **kwargs)
+ except FileNotFoundError:
+ sys.exit(f'[!] ERROR: unable to open {file}, are you sure it exists?')
+
def detect_arch(fname, archs):
def detect_arch(fname, archs):
@@
-219,8
+223,8
@@
def parse_sysctl_file(mode, parsed_options, fname):
sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
# let's check the presence of a sysctl option available for root
sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
# let's check the presence of a sysctl option available for root
- if '
net.core.bpf_jit_harden
' not in parsed_options and mode != 'json':
- print(f'[!] WARNING: sysctl option "
net.core.bpf_jit_harden
" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
+ if '
kernel.cad_pid
' not in parsed_options and mode != 'json':
+ print(f'[!] WARNING: sysctl option "
kernel.cad_pid
" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
def main():
def main():