X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=15ea3e4e5d9c412a2990c324c114374fd4dfc42e;hb=a7e1677cea24fec92a6a2c36c1dbc0094413535d;hp=0f3f3d3fe1d15659cd5694884edcc70f66024a13;hpb=bdac2c22b96b3a682801674efed92fddc8a347b0;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 0f3f3d3..15ea3e4 100755
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -59,6 +59,7 @@ from argparse import ArgumentParser
 from collections import OrderedDict
 import re
 import json
+from .__about__ import __version__
 
 # debug_mode enables:
 #    - reporting about unknown kernel options in the config,
@@ -459,6 +460,10 @@ def construct_checklist(checklist, arch):
     checklist.append(OptCheck('DEBUG_FS',                'is not set', 'grsecurity', 'cut_attack_surface')) # refers to LOCKDOWN
     checklist.append(OptCheck('NOTIFIER_ERROR_INJECTION','is not set', 'grsecurity', 'cut_attack_surface'))
 
+    checklist.append(OptCheck('DRM_LEGACY',     'is not set', 'maintainer', 'cut_attack_surface'))
+    checklist.append(OptCheck('FB',             'is not set', 'maintainer', 'cut_attack_surface'))
+    checklist.append(OptCheck('VT',             'is not set', 'maintainer', 'cut_attack_surface'))
+
     checklist.append(OptCheck('ACPI_TABLE_UPGRADE',   'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
     checklist.append(OptCheck('X86_IOPL_IOPERM',      'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
     checklist.append(OptCheck('EFI_TEST',             'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN
@@ -489,6 +494,7 @@ def construct_checklist(checklist, arch):
     checklist.append(OptCheck('FTRACE',               'is not set', 'my', 'cut_attack_surface')) # refers to LOCKDOWN
     checklist.append(OptCheck('BPF_JIT',              'is not set', 'my', 'cut_attack_surface'))
     checklist.append(OptCheck('VIDEO_VIVID',          'is not set', 'my', 'cut_attack_surface'))
+    checklist.append(OptCheck('INPUT_EVBUG',          'is not set', 'my', 'cut_attack_surface')) # Can be used as a keylogger
 
     checklist.append(OptCheck('INTEGRITY',       'y', 'defconfig', 'userspace_hardening'))
     if arch == 'ARM64':
@@ -599,7 +605,8 @@ def main():
 
     config_checklist = []
 
-    parser = ArgumentParser(description='Checks the hardening options in the Linux kernel config')
+    parser = ArgumentParser(prog='kconfig-hardened-check',
+                            description='Checks the hardening options in the Linux kernel config')
     parser.add_argument('-p', '--print', choices=supported_archs,
                         help='print hardening preferences for selected architecture')
     parser.add_argument('-c', '--config',
@@ -608,6 +615,7 @@ def main():
                         help='enable verbose debug mode')
     parser.add_argument('--json', action='store_true',
                         help='print results in JSON format')
+    parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
     args = parser.parse_args()
 
     if args.debug: