X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=ee0babe223e0cc3977b2ac1ee29a1ce011fb32a8;hb=e2ecf1ab64d1f4193eddff47df362afce2385c09;hp=09d49d70a473c48782edcdb7e5dcac46bc0cc26c;hpb=e6963df5f15afcd4a74f4216a9e269ed2e1d396f;p=kconfig-hardened-check.git
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 09d49d7..ee0babe 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -201,7 +201,7 @@ def parse_cmdline_file(mode, parsed_options, fname):
 def parse_sysctl_file(mode, parsed_options, fname):
 with open(fname, 'r', encoding='utf-8') as f:
- sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$")
+ sysctl_pattern = re.compile("[a-zA-Z0-9/\._-]+ =.*$")
 for line in f.readlines():
 line = line.strip()
 if not sysctl_pattern.match(line):
@@ -239,14 +239,13 @@ def main():
 help='check the security hardening options in the kernel Kconfig file (also supports *.gz files)')
 parser.add_argument('-l', '--cmdline',
 help='check the security hardening options in the kernel cmdline file (contents of /proc/cmdline)')
-# parser.add_argument('-s', '--sysctl',
-# help='check the security hardening options in the sysctl output file (`sudo sysctl -a > file`)')
+ parser.add_argument('-s', '--sysctl',
+ help='check the security hardening options in the sysctl output file (`sudo sysctl -a > file`)')
 parser.add_argument('-p', '--print', choices=supported_archs,
 help='print the security hardening recommendations for the selected microarchitecture')
 parser.add_argument('-g', '--generate', choices=supported_archs,
 help='generate a Kconfig fragment with the security hardening options for the selected microarchitecture')
 args = parser.parse_args()
- args.sysctl = None # FIXME
 mode = None
 if args.mode:
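Review bot: The pattern passed to `re.compile` in parse_sysctl_file is a plain string literal containing `\.`, which Python treats as an invalid escape sequence (a DeprecationWarning since 3.6 and a SyntaxWarning from 3.12). Inside a character class the dot needs no escaping, so `sysctl_pattern = re.compile(r"[a-zA-Z0-9/._-]+ =.*$")` matches the same lines without the warning. What happens to a line that fails the match is below the hunk, so whether it aborts the run or is skipped cannot be judged from here.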
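Review bot: Nothing in this hunk tells the user when the sysctl file was captured without root; the `sudo` in the help string of the new `-s` argument is the only hint. An unprivileged `sysctl -a` leaves out root-only keys, so a check on one of them would see a missing option rather than its real value; how parse_sysctl_file and the checks treat that is outside the hunk. Consider a warning after parsing when a root-only key such as `kernel.cad_pid` is absent, and a comment above the argument along the lines of `# NOTE: the report describes the captured file, not the running system`. The body of main() continues on both sides of the hunk.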
@@ -349,6 +348,8 @@ def main():
 if args.print:
 assert(args.config is None and args.cmdline is None and args.sysctl is None), 'unexpected args'
+ if args.generate:
+ sys.exit('[!] ERROR: --print and --generate can\'t be used together')
 if mode and mode not in ('verbose', 'json'):
 sys.exit(f'[!] ERROR: wrong mode "{mode}" for --print')
 arch = args.print
@@ -361,7 +362,7 @@ def main():
 sys.exit(0)
 if args.generate:
- assert(args.config is None and args.cmdline is None and args.sysctl is None), 'unexpected args'
+ assert(args.config is None and args.cmdline is None and args.sysctl is None and args.print is None), 'unexpected args'
 if mode:
 sys.exit(f'[!] ERROR: wrong mode "{mode}" for --generate')
 arch = args.generate
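Review bot: The option-combination checks in the `--print` branch and in the extended `--generate` assert still rely on `assert`, and with `--sysctl` now a real option a command line that pairs `-p` or `-g` with `-s file` becomes a reachable user input for them. Unless a check above these hunks rejects it first, the user gets an AssertionError traceback, and under `python -O` the assert is stripped and the extra file is silently ignored. The print branch already uses `sys.exit` for the new `--generate` conflict, and the same form fits here, e.g. `if args.config or args.cmdline or args.sysctl: sys.exit('[!] ERROR: --print can\'t be combined with a Kconfig, cmdline or sysctl file')`. The `args.print is None` term added to the generate assert looks unreachable, since the print branch appears to exit before it, so it works only as an invariant. Both branches continue outside the hunks.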