import re
debug_mode = False # set it to True to print the unknown options from the config
-error_count = 0
checklist = []
self.result = None
def check(self):
- global error_count
-
if self.expected == self.state:
self.result = 'OK'
elif self.state is None:
if self.expected == 'is not set':
self.result = 'OK: not found'
else:
- error_count += 1
self.result = 'FAIL: not found'
else:
- error_count += 1
self.result = 'FAIL: "' + self.state + '"'
def __repr__(self):
checklist.append(OptCheck('ZSMALLOC_STAT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('PAGE_OWNER', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('DEBUG_KMEMLEAK', 'is not set', 'ubuntu18', 'cut_attack_surface'))
+ checklist.append(OptCheck('BINFMT_AOUT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
checklist.append(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'))
checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
def print_check_results():
- global error_count
-
print(' {:<39}|{:^13}|{:^10}|{:^20}||{:^20}'.format('option name', 'desired val', 'decision', 'reason', 'check result'))
print(' ===========================================================================================================')
for opt in checklist:
if args.config:
check_config_file(args.config)
+ error_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist)))
if error_count == 0:
print('[+] config check is PASSED')
sys.exit(0)
projects / kconfig-hardened-check.git / blobdiff