--- /dev/null
+name: static analysis
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ static_analysis:
+
+ runs-on: ubuntu-latest
+
+ strategy:
+ max-parallel: 1
+ fail-fast: false
+ matrix:
+ python-version: ['3.12']
+
+ steps:
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Get the source code
+ uses: actions/checkout@v4
+
+ - name: Check static typing with mypy
+ run: |
+ pip install mypy
+ mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+
+ - name: Check code with pylint
+ run: |
+ pip install pylint
+ pip install setuptools
+ pylint --recursive=y kernel_hardening_checker setup.py
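Review bot: The new workflow has no `permissions:` key, so the job's GITHUB_TOKEN gets whatever default scope the repository or organisation has configured, which for `push` runs on master may include write access. A lint-only job only needs to read the tree, so a top-level `permissions:` with `contents: read` would make that explicit. The `pip install mypy`, `pip install pylint` and `pip install setuptools` lines carry no version constraint, and the same holds for the `pylint-checking` commands added to the other CI pipeline in this commit. Each run therefore executes whatever release PyPI serves that day, and a new pylint release can fail master without a code change; a pinned version or a hashed requirements file would fix both. The `uses:` lines reference the movable tags `actions/setup-python@v5` and `actions/checkout@v4`, and pinning each to a full commit SHA with the tag in a trailing comment would keep a retagged release from changing what runs here.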
+++ /dev/null
-name: static typing test
-
-on:
- push:
- branches: [ master ]
- pull_request:
- branches: [ master ]
-
-jobs:
- static_typing_test:
-
- runs-on: ubuntu-latest
-
- strategy:
- max-parallel: 1
- fail-fast: false
- matrix:
- python-version: ['3.12']
-
- steps:
-
- - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
- with:
- python-version: ${{ matrix.python-version }}
-
- - name: Get the source code
- uses: actions/checkout@v4
-
- - name: Check static typing with mypy
- run: |
- pip install mypy
- mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
- python --version
- pip install --no-cache-dir mypy
- mypy kernel_hardening_checker/ --show-error-context --pretty --no-incremental --check-untyped-defs --disallow-untyped-defs --strict-equality
+ pylint-checking:
+ image: python:3
+ pull: true
+ commands:
+ - echo "Install the pylint tool..."
+ - python --version
+ - pip install --no-cache-dir pylint
+ - pip install --no-cache-dir setuptools
+ - pylint --recursive=y kernel_hardening_checker setup.py
functional-test-with-coverage:
image: python:3
pull: true
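Review bot: The added `pylint-checking` step runs on `image: python:3` with `pull: true`, so it lints under whichever Python 3 release the registry currently tags, while the GitHub workflow in this same commit fixes the interpreter at '3.12'. The two CI systems can then disagree about the same tree, since the pylint checks that are available and the stdlib stubs both vary by interpreter version. This matches the neighbouring steps visible in the hunk, so it may be intentional. If not, a versioned tag that matches the GitHub matrix would align them, for example `image: python:3.12`, or a digest-pinned image if reproducibility matters more than freshness. The hunk header is not visible here, so the rest of the pipeline file was not reviewed.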
+++ /dev/null
-"""
-Version
-"""
-
-__version__ = '0.6.6'
This module performs input/output.
"""
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name,too-many-branches,too-many-statements
+# pylint: disable=missing-function-docstring,line-too-long,too-many-branches,too-many-statements
import gzip
import sys
from typing import List, Tuple, Dict, TextIO
import re
import json
-from .__about__ import __version__
from .checks import add_kconfig_checks, add_cmdline_checks, normalize_cmdline_options, add_sysctl_checks
from .engine import StrOrNone, TupleOrNone, ChecklistObjType
from .engine import print_unknown_options, populate_with_data, perform_checks, override_expected_value
+# kernel-hardening-checker version
+__version__ = '0.6.6'
+
+
def _open(file: str) -> TextIO:
if file.endswith('.gz'):
return gzip.open(file, 'rt', encoding='utf-8')
This module contains knowledge for checks.
"""
-# pylint: disable=missing-function-docstring,line-too-long,invalid-name
+# pylint: disable=missing-function-docstring,line-too-long
# pylint: disable=too-many-branches,too-many-statements,too-many-locals
from typing import List
return value
-# TODO: draft of security hardening sysctls:
+# Ideas of security hardening sysctls:
# what about bpf_jit_enable?
# vm.mmap_min_addr has a good value
# nosmt sysfs control file
"""
# pylint: disable=missing-class-docstring,missing-function-docstring
-# pylint: disable=line-too-long,invalid-name,too-many-branches
+# pylint: disable=line-too-long,too-many-branches
from __future__ import annotations
import sys
[metadata]
name = kernel-hardening-checker
+version = attr: kernel_hardening_checker.__version__
author = Alexander Popov
author_email = alex.popov@linux.com
home_page = https://github.com/a13xp0p0v/kernel-hardening-checker
#!/usr/bin/env python3
-from setuptools import setup
+"""
+This tool is for checking the security hardening options of the Linux kernel.
+
+Author: Alexander Popov <alex.popov@linux.com>
-about = {}
-with open('kernel_hardening_checker/__about__.py') as f:
- exec(f.read(), about)
+This module performs installing of the kernel-hardening-checker package.
+"""
-print('v: "{}"'.format(about['__version__']))
+from setuptools import setup
# See the options in setup.cfg
-setup(version = about['__version__'])
+setup()