projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge remote-tracking branch 'origin/pylint'
[kconfig-hardened-check.git]
/
kernel_hardening_checker
/
checks.py
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index 0e2bb7443a426975bfea0a59eeb5a566e7446534..f2e4c34fd6da0a81a046563329dd5e2736a09f46 100644
(file)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-8,11
+8,11
@@
Author: Alexander Popov <alex.popov@linux.com>
This module contains knowledge for checks.
"""
This module contains knowledge for checks.
"""
-# pylint: disable=missing-function-docstring,line-too-long
,invalid-name
+# pylint: disable=missing-function-docstring,line-too-long
# pylint: disable=too-many-branches,too-many-statements,too-many-locals
# pylint: disable=too-many-branches,too-many-statements,too-many-locals
-from .engine import StrOrNone, ChecklistObjType, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND
from typing import List
from typing import List
+from .engine import StrOrNone, ChecklistObjType, KconfigCheck, CmdlineCheck, SysctlCheck, VersionCheck, OR, AND
def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
@@
-647,7
+647,7
@@
def normalize_cmdline_options(option: str, value: str) -> str:
return value
return value
-#
TODO: draft
of security hardening sysctls:
+#
Ideas
of security hardening sysctls:
# what about bpf_jit_enable?
# vm.mmap_min_addr has a good value
# nosmt sysfs control file
# what about bpf_jit_enable?
# vm.mmap_min_addr has a good value
# nosmt sysfs control file