But nobody likes checking configs manually. So let the computers do their job!
-__kconfig-hardened-check__ helps me to check the Linux kernel options
-against my security hardening preferences, which are based on the
+__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel.
+The recommendations are based on
- [KSPP recommended settings][1]
- [CLIP OS kernel configuration][2]
## Usage
```
-usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG]
- [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}]
+usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE]
+ [-m {verbose,json,show_ok,show_fail}]
A tool for checking the security hardening options of the Linux kernel
-h, --help show this help message and exit
--version show program's version number and exit
-p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
- print security hardening preferences for the selected architecture
+ print security hardening options for the selected architecture
-c CONFIG, --config CONFIG
- check the kernel kconfig file against these preferences (also supports
- *.gz files)
+ check security hardening options in the kernel kconfig file (also supports *.gz files)
-l CMDLINE, --cmdline CMDLINE
- check the kernel cmdline file against these preferences
+ check security hardening options in the kernel cmdline file
-m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
choose the report mode
```
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
description='A tool for checking the security hardening options of the Linux kernel')
parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
parser.add_argument('-p', '--print', choices=supported_archs,
- help='print security hardening preferences for the selected architecture')
+ help='print security hardening options for the selected architecture')
parser.add_argument('-c', '--config',
- help='check the kernel kconfig file against these preferences (also supports *.gz files)')
+ help='check security hardening options in the kernel kconfig file (also supports *.gz files)')
parser.add_argument('-l', '--cmdline',
- help='check the kernel cmdline file against these preferences')
+ help='check security hardening options in the kernel cmdline file')
parser.add_argument('-m', '--mode', choices=report_modes,
help='choose the report mode')
args = parser.parse_args()
add_kconfig_checks(config_checklist, arch)
add_cmdline_checks(config_checklist, arch)
if mode != 'json':
- print(f'[+] Printing kernel security hardening preferences for {arch}...')
+ print(f'[+] Printing kernel security hardening options for {arch}...')
print_checklist(mode, config_checklist, False)
sys.exit(0)
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
#!/usr/bin/python3
"""
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
Author: Alexander Popov <alex.popov@linux.com>
projects / kconfig-hardened-check.git / commitdiff