from collections import OrderedDict
import re
import json
+from .__about__ import __version__
# debug_mode enables:
# - reporting about unknown kernel options in the config,
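Review bot: The added `from .__about__ import __version__` is a relative import, so it resolves only when this file is loaded as a member of its package; executing the file directly as a script would fail with an ImportError at this line. The rest of the module and its packaging are outside this hunk, so confirm that every supported entry point goes through the package (an installed console script or `python -m`). A one-line comment above the import would record the constraint, e.g. `# __version__ is kept in __about__.py; this module must be imported as part of the package`.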
checklist.append(OptCheck('DEBUG_FS', 'is not set', 'grsecurity', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('NOTIFIER_ERROR_INJECTION','is not set', 'grsecurity', 'cut_attack_surface'))
+ checklist.append(OptCheck('DRM_LEGACY', 'is not set', 'maintainer', 'cut_attack_surface'))
+ checklist.append(OptCheck('FB', 'is not set', 'maintainer', 'cut_attack_surface'))
+ checklist.append(OptCheck('VT', 'is not set', 'maintainer', 'cut_attack_surface'))
+
checklist.append(OptCheck('ACPI_TABLE_UPGRADE', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('X86_IOPL_IOPERM', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
checklist.append(OptCheck('EFI_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
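Review bot: The three added checks for `DRM_LEGACY`, `FB` and `VT` name 'maintainer' as their source but, unlike the neighbouring lines with `# refers to LOCKDOWN`, give no pointer to where the recommendation was made. A trailing comment on each, e.g. `# recommended by <maintainer> in <issue or mailing-list link>`, would let a user weigh it. This matters most for `FB` and `VT`: kernels that need a local text console typically have them enabled, so these checks will likely report FAIL on many desktop and distribution configs. A reader needs the rationale to decide whether giving up the console is acceptable on their system.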
config_checklist = []
- parser = ArgumentParser(description='Checks the hardening options in the Linux kernel config')
+ parser = ArgumentParser(prog='kconfig-hardened-check',
+ description='Checks the hardening options in the Linux kernel config')
parser.add_argument('-p', '--print', choices=supported_archs,
help='print hardening preferences for selected architecture')
parser.add_argument('-c', '--config',
help='enable verbose debug mode')
parser.add_argument('--json', action='store_true',
help='print results in JSON format')
+ parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
args = parser.parse_args()
if args.debug: