echo ">>>>> check sysctl separately <<<<<"
coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE
-coverage run -a --branch bin/kernel-hardening-checker -s /etc/sysctl.conf
coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m verbose > /dev/null
coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m json
coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_ok
coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_fail
+echo ">>>>> check sysctl.conf (it should not fail) <<<<<"
+cat /etc/sysctl.conf
+coverage run -a --branch bin/kernel-hardening-checker -s /etc/sysctl.conf
+
echo ">>>>> test -v (kernel version detection) <<<<<"
cp kernel_hardening_checker/config_files/distros/fedora_34.config ./test.config
coverage run -a --branch bin/kernel-hardening-checker -c ./test.config -v /proc/version
sysctl_pattern = re.compile(r"[a-zA-Z0-9/\._-]+ ?=.*$")
for line in f.readlines():
line = line.strip()
- if line.startswith('#'):
+ if not line or line.startswith('#'):
continue
if not sysctl_pattern.match(line):
sys.exit(f'[!] ERROR: unexpected line in sysctl file: "{line}"')
projects / kconfig-hardened-check.git / commitdiff