Add some new sysctls (to remember them)

[kconfig-hardened-check.git] / kconfig-hardened-check.py

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 7ec7a4b58c641e3f92c22c9c439ae8eb372f74e8..10c2997ad0802556b165df7925506340171f363c 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -32,14 +32,19 @@
 #           kpti=on
 #           ssbd=force-on
 #
-# N.B. Hardening sysctl's:
-#    net.core.bpf_jit_harden
+# N.B. Hardening sysctls:
+#    net.core.bpf_jit_harden=2
 #    kptr_restrict=2
+#    vm.unprivileged_userfaultfd=0
+#    kernel.perf_event_paranoid=3
+#    kernel.yama.ptrace_scope=1
+#    kernel.unprivileged_bpf_disabled=1
 
 import sys
 from argparse import ArgumentParser
 from collections import OrderedDict
 import re
+import json
 
 debug_mode = False  # set it to True to print the unknown options from the config
 json_mode = False   # if True, print results in JSON format
@@ -381,7 +386,7 @@ def print_checklist(checklist, with_results):
             if with_results:
                 opt.append(o.result)
             opts.append(opt)
-        print(opts)
+        print(json.dumps(opts))
         return
 
     # header