projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add the "MAGIC_SYSRQ_SERIAL" check
[kconfig-hardened-check.git]
/
kernel_hardening_checker
/
checks.py
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index 0d6d703aba7017ef7f9c0505b1437289c68b4ff0..42d9407b749e7141d8c1c3dd50091b0020e6ee5f 100755
(executable)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-421,6
+421,8
@@
def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'BLK_DEV_WRITE_MOUNTED', 'is not set')]
l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'TRIM_UNUSED_KSYMS', 'y'),
modules_not_set)]
l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'BLK_DEV_WRITE_MOUNTED', 'is not set')]
l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'TRIM_UNUSED_KSYMS', 'y'),
modules_not_set)]
+ l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'MAGIC_SYSRQ_SERIAL', 'is not set'),
+ KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'MAGIC_SYSRQ_DEFAULT_ENABLE', '0x0'))]
# 'harden_userspace'
# 'harden_userspace'