checklist.append(OptCheck('PAGE_TABLE_ISOLATION', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('RETPOLINE', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('X86_64', 'y', 'ubuntu18', 'self_protection'))
- checklist.append(OptCheck('STRICT_KERNEL_RWX', 'y', 'ubuntu18', 'self_protection'))
+ checklist.append(OR(OptCheck('STRICT_KERNEL_RWX', 'y', 'ubuntu18', 'self_protection'), \
+ OptCheck('DEBUG_RODATA', 'y', 'before_v4.11', 'self_protection')))
checklist.append(OptCheck('DEBUG_WX', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('RANDOMIZE_BASE', 'y', 'ubuntu18', 'self_protection'))
checklist.append(OptCheck('RANDOMIZE_MEMORY', 'y', 'ubuntu18', 'self_protection'))
def print_checklist():
print('[+] Printing kernel hardening preferences...')
- print(' {:<39}|{:^13}|{:^10}|{:^20}'.format('option name', 'desired val', 'decision', 'reason'))
- print(' ======================================================================================')
+ print(' {:<39}|{:^13}|{:^10}|{:^20}'.format(
+ 'option name', 'desired val', 'decision', 'reason'))
+ print(' ' + '=' * 86)
for opt in checklist:
- print(' CONFIG_{:<32}|{:^13}|{:^10}|{:^20}'.format(opt.name, opt.expected, opt.decision, opt.reason))
+ print(' CONFIG_{:<32}|{:^13}|{:^10}|{:^20}'.format(
+ opt.name, opt.expected, opt.decision, opt.reason))
print()
def print_check_results():
- print(' {:<39}|{:^13}|{:^10}|{:^20}||{:^28}'.format('option name', 'desired val', 'decision', 'reason', 'check result'))
- print(' ===================================================================================================================')
+ print(' {:<39}|{:^13}|{:^10}|{:^20}||{:^28}'.format(
+ 'option name', 'desired val', 'decision', 'reason', 'check result'))
+ print(' ' + '=' * 115)
for opt in checklist:
- print(' CONFIG_{:<32}|{:^13}|{:^10}|{:^20}||{:^28}'.format(opt.name, opt.expected, opt.decision, opt.reason, opt.result))
+ print(' CONFIG_{:<32}|{:^13}|{:^10}|{:^20}||{:^28}'.format(
+ opt.name, opt.expected, opt.decision, opt.reason, opt.result))
print()
def get_option_state(options, name):
- return options[name] if name in options else None
+ return options.get(name, None)
def perform_checks(parsed_options):