projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
4dd0d2f
)
Improve the comments and README
author
Alexander Popov
<alex.popov@linux.com>
Mon, 12 Jun 2023 11:37:42 +0000
(14:37 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Mon, 12 Jun 2023 11:44:19 +0000
(14:44 +0300)
README.md
patch
|
blob
|
history
kconfig_hardened_check/__init__.py
patch
|
blob
|
history
kconfig_hardened_check/checks.py
patch
|
blob
|
history
kconfig_hardened_check/engine.py
patch
|
blob
|
history
kconfig_hardened_check/test_engine.py
patch
|
blob
|
history
diff --git
a/README.md
b/README.md
index 0fd80e94899c614e740cc947201818b26871954f..e00cb0ac4e7547f0ac29da100194c12519735df4 100644
(file)
--- a/
README.md
+++ b/
README.md
@@
-14,8
+14,8
@@
make our systems more secure.
But nobody likes checking configs manually. So let the computers do their job!
But nobody likes checking configs manually. So let the computers do their job!
-__kconfig-hardened-check__
helps me to check the Linux kernel options
-against my security hardening preferences, which are based on the
+__kconfig-hardened-check__
is a tool for checking the security hardening options of the Linux kernel.
+The recommendations are based on
- [KSPP recommended settings][1]
- [CLIP OS kernel configuration][2]
- [KSPP recommended settings][1]
- [CLIP OS kernel configuration][2]
@@
-63,8
+63,8
@@
Some Linux distributions also provide `kconfig-hardened-check` as a package.
## Usage
```
## Usage
```
-usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG]
- [-
l CMDLINE] [-
m {verbose,json,show_ok,show_fail}]
+usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG]
[-l CMDLINE]
+ [-m {verbose,json,show_ok,show_fail}]
A tool for checking the security hardening options of the Linux kernel
A tool for checking the security hardening options of the Linux kernel
@@
-72,12
+72,11
@@
options:
-h, --help show this help message and exit
--version show program's version number and exit
-p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
-h, --help show this help message and exit
--version show program's version number and exit
-p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
- print security hardening
preference
s for the selected architecture
+ print security hardening
option
s for the selected architecture
-c CONFIG, --config CONFIG
-c CONFIG, --config CONFIG
- check the kernel kconfig file against these preferences (also supports
- *.gz files)
+ check security hardening options in the kernel kconfig file (also supports *.gz files)
-l CMDLINE, --cmdline CMDLINE
-l CMDLINE, --cmdline CMDLINE
- check
the kernel cmdline file against these preferences
+ check
security hardening options in the kernel cmdline file
-m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
choose the report mode
```
-m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
choose the report mode
```
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index cdb08288fa0f3ccf2b938cf88fb92462070da61f..086e21e3769d3569ec4eb4672b7920614d4fc9c5 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-1,9
+1,7
@@
#!/usr/bin/python3
"""
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
Author: Alexander Popov <alex.popov@linux.com>
@@
-211,11
+209,11
@@
def main():
description='A tool for checking the security hardening options of the Linux kernel')
parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
parser.add_argument('-p', '--print', choices=supported_archs,
description='A tool for checking the security hardening options of the Linux kernel')
parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
parser.add_argument('-p', '--print', choices=supported_archs,
- help='print security hardening
preference
s for the selected architecture')
+ help='print security hardening
option
s for the selected architecture')
parser.add_argument('-c', '--config',
parser.add_argument('-c', '--config',
- help='check
the kernel kconfig file against these preferences
(also supports *.gz files)')
+ help='check
security hardening options in the kernel kconfig file
(also supports *.gz files)')
parser.add_argument('-l', '--cmdline',
parser.add_argument('-l', '--cmdline',
- help='check
the kernel cmdline file against these preferences
')
+ help='check
security hardening options in the kernel cmdline file
')
parser.add_argument('-m', '--mode', choices=report_modes,
help='choose the report mode')
args = parser.parse_args()
parser.add_argument('-m', '--mode', choices=report_modes,
help='choose the report mode')
args = parser.parse_args()
@@
-306,7
+304,7
@@
def main():
add_kconfig_checks(config_checklist, arch)
add_cmdline_checks(config_checklist, arch)
if mode != 'json':
add_kconfig_checks(config_checklist, arch)
add_cmdline_checks(config_checklist, arch)
if mode != 'json':
- print(f'[+] Printing kernel security hardening
preference
s for {arch}...')
+ print(f'[+] Printing kernel security hardening
option
s for {arch}...')
print_checklist(mode, config_checklist, False)
sys.exit(0)
print_checklist(mode, config_checklist, False)
sys.exit(0)
diff --git
a/kconfig_hardened_check/checks.py
b/kconfig_hardened_check/checks.py
index 87e45c96676e2d6567d602ac3af7d2777da70bbd..46922a2db82d3186713ab1c34b796b58a0f8b2aa 100644
(file)
--- a/
kconfig_hardened_check/checks.py
+++ b/
kconfig_hardened_check/checks.py
@@
-1,9
+1,7
@@
#!/usr/bin/python3
"""
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
Author: Alexander Popov <alex.popov@linux.com>
diff --git
a/kconfig_hardened_check/engine.py
b/kconfig_hardened_check/engine.py
index 67912857e479792a2420133bb71ceb6df2ad7668..e9140447c90bf697d9a18b41ef39bc32bb72ead2 100644
(file)
--- a/
kconfig_hardened_check/engine.py
+++ b/
kconfig_hardened_check/engine.py
@@
-1,9
+1,7
@@
#!/usr/bin/python3
"""
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
Author: Alexander Popov <alex.popov@linux.com>
diff --git
a/kconfig_hardened_check/test_engine.py
b/kconfig_hardened_check/test_engine.py
index 8ef0fa3fb505c16fd5db4386e5705233da097a7a..433e5844e596f6c5122618116857f32cd107aca8 100644
(file)
--- a/
kconfig_hardened_check/test_engine.py
+++ b/
kconfig_hardened_check/test_engine.py
@@
-1,9
+1,7
@@
#!/usr/bin/python3
"""
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
Author: Alexander Popov <alex.popov@linux.com>
projects / kconfig-hardened-check.git / commitdiff