X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=bc0892aee602d17404b300db4a00bfdca96f8179;hb=922ac4d7aa4755aaad1721e910a02e06551e5dad;hp=639be27caa457c7612730e21146af0df4adbe9f1;hpb=55690d46d5fa7786c331ec5051672d708cc94f21;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 639be27..bc0892a 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -1,8 +1,8 @@ #!/usr/bin/python3 # -# This tool helps me to check the Linux kernel Kconfig option list -# against my security hardening preferences for X86_64, ARM64, X86_32, and ARM. +# This tool helps me to check Linux kernel options against +# my security hardening preferences for X86_64, ARM64, X86_32, and ARM. # Let the computers do their job! # # Author: Alexander Popov @@ -673,13 +673,13 @@ def print_checklist(mode, checklist, with_results): print('[+] Config check is finished: \'OK\' - {}{} / \'FAIL\' - {}{}'.format(ok_count, ok_suppressed, fail_count, fail_suppressed)) -def perform_check(opt, parsed_options, kernel_version): +def populate_opt_with_data(opt, parsed_options, kernel_version): if hasattr(opt, 'opts'): # prepare ComplexOptCheck for o in opt.opts: if hasattr(o, 'opts'): # Recursion for nested ComplexOptChecks - perform_check(o, parsed_options, kernel_version) + populate_opt_with_data(o, parsed_options, kernel_version) if hasattr(o, 'state'): o.state = parsed_options.get(o.name, None) if hasattr(o, 'ver'): @@ -689,12 +689,16 @@ def perform_check(opt, parsed_options, kernel_version): if not hasattr(opt, 'state'): sys.exit('[!] ERROR: bad simple check {}'.format(vars(opt))) opt.state = parsed_options.get(opt.name, None) - opt.check() -def perform_checks(checklist, parsed_options, kernel_version): +def populate_with_data(checklist, parsed_options, kernel_version): for opt in checklist: - perform_check(opt, parsed_options, kernel_version) + populate_opt_with_data(opt, parsed_options, kernel_version) + + +def perform_checks(checklist): + for opt in checklist: + opt.check() def parse_kconfig_file(parsed_options, fname): @@ -737,7 +741,7 @@ def main(): parser.add_argument('-p', '--print', choices=supported_archs, help='print security hardening preferences for the selected architecture') parser.add_argument('-c', '--config', - help='check the kernel config file against these preferences') + help='check the kernel kconfig file against these preferences') parser.add_argument('-m', '--mode', choices=report_modes, help='choose the report mode') args = parser.parse_args() @@ -752,7 +756,7 @@ def main(): if args.config: if mode != 'json': - print('[+] Config file to check: {}'.format(args.config)) + print('[+] Kconfig file to check: {}'.format(args.config)) arch, msg = detect_arch(args.config, supported_archs) if not arch: @@ -769,11 +773,15 @@ def main(): # add relevant kconfig checks to the checklist add_kconfig_checks(config_checklist, arch) + # populate the checklist with the parsed kconfig data parsed_kconfig_options = OrderedDict() parse_kconfig_file(parsed_kconfig_options, args.config) + populate_with_data(config_checklist, parsed_kconfig_options, kernel_version) - perform_checks(config_checklist, parsed_kconfig_options, kernel_version) + # now everything is ready for performing the checks + perform_checks(config_checklist) + # finally print the results if mode == 'verbose': print_unknown_options(config_checklist, parsed_kconfig_options) print_checklist(mode, config_checklist, True)