Add config_files directory

[kconfig-hardened-check.git] / README.md

diff --git a/README.md b/README.md
index 8d89888dc6b30a5718a4c283b02eaa61fae361f6..8f2271cdbb22271382ed8c8fed0319a9df9a3b5f 100644 (file)
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c <config_file>]
 
 ### Script output for `Ubuntu 18.04 (Bionic Beaver)` kernel config
 ```
-./kconfig-hardened-check.py -c ubuntu-bionic-generic.config
+./kconfig-hardened-check.py -c config_files/ubuntu-bionic-generic.config
 [+] Checking "ubuntu-bionic-generic.config" against hardening preferences...
   option name                            | desired val | decision |       reason       ||    check result    
   ===========================================================================================================
@@ -70,13 +70,13 @@ Usage: ./kconfig-hardened-check.py [-p | -c <config_file>]
   CONFIG_DEBUG_CREDENTIALS               |      y      |   kspp   |  self_protection   || FAIL: "is not set" 
   CONFIG_DEBUG_NOTIFIERS                 |      y      |   kspp   |  self_protection   || FAIL: "is not set" 
   CONFIG_MODULE_SIG_FORCE                |      y      |   kspp   |  self_protection   || FAIL: "is not set" 
-  CONFIG_HARDENED_USERCOPY_FALLBACK      | is not set  |   kspp   |  self_protection   ||  FAIL: not found   
+  CONFIG_HARDENED_USERCOPY_FALLBACK      | is not set  |   kspp   |  self_protection   ||   OK: not found    
   CONFIG_GCC_PLUGIN_STACKLEAK            |      y      |    my    |  self_protection   ||  FAIL: not found   
   CONFIG_SLUB_DEBUG_ON                   |      y      |    my    |  self_protection   || FAIL: "is not set" 
   CONFIG_SECURITY_DMESG_RESTRICT         |      y      |    my    |  self_protection   || FAIL: "is not set" 
   CONFIG_STATIC_USERMODEHELPER           |      y      |    my    |  self_protection   || FAIL: "is not set" 
-  CONFIG_PAGE_POISONING_NO_SANITY        | is not set  |    my    |  self_protection   ||  FAIL: not found   
-  CONFIG_PAGE_POISONING_ZERO             | is not set  |    my    |  self_protection   ||  FAIL: not found   
+  CONFIG_PAGE_POISONING_NO_SANITY        | is not set  |    my    |  self_protection   ||   OK: not found    
+  CONFIG_PAGE_POISONING_ZERO             | is not set  |    my    |  self_protection   ||   OK: not found    
   CONFIG_SECURITY                        |      y      | ubuntu18 |  security_policy   ||         OK         
   CONFIG_SECURITY_YAMA                   |      y      | ubuntu18 |  security_policy   ||         OK         
   CONFIG_SECURITY_SELINUX_DISABLE        | is not set  | ubuntu18 |  security_policy   ||         OK         
@@ -91,6 +91,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c <config_file>]
   CONFIG_ZSMALLOC_STAT                   | is not set  | ubuntu18 | cut_attack_surface ||         OK         
   CONFIG_PAGE_OWNER                      | is not set  | ubuntu18 | cut_attack_surface ||         OK         
   CONFIG_DEBUG_KMEMLEAK                  | is not set  | ubuntu18 | cut_attack_surface ||         OK         
+  CONFIG_BINFMT_AOUT                     | is not set  | ubuntu18 | cut_attack_surface ||   OK: not found    
   CONFIG_IO_STRICT_DEVMEM                |      y      |   kspp   | cut_attack_surface || FAIL: "is not set" 
   CONFIG_LEGACY_VSYSCALL_NONE            |      y      |   kspp   | cut_attack_surface || FAIL: "is not set" 
   CONFIG_BINFMT_MISC                     | is not set  |   kspp   | cut_attack_surface ||     FAIL: "m"      
@@ -127,7 +128,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c <config_file>]
   CONFIG_ARCH_MMAP_RND_BITS              |     32      |    my    |userspace_protection||     FAIL: "28"     
   CONFIG_LKDTM                           |      m      |    my    |    feature_test    || FAIL: "is not set" 
 
-[-] config check is NOT PASSED: 55 errors
+[-] config check is NOT PASSED: 52 errors
 ```
 
 __Go and fix them all!__