Add the "MAGIC_SYSRQ_SERIAL" check

author Alexander Popov <alex.popov@linux.com>

Sun, 16 Jun 2024 04:24:56 +0000 (07:24 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 16 Jun 2024 04:32:04 +0000 (07:32 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 16 Jun 2024 04:24:56 +0000 (07:24 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 16 Jun 2024 04:32:04 +0000 (07:32 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 0d6d703aba7017ef7f9c0505b1437289c68b4ff0..42d9407b749e7141d8c1c3dd50091b0020e6ee5f 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -421,6 +421,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
      l += [KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'BLK_DEV_WRITE_MOUNTED', 'is not set')]
      l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'TRIM_UNUSED_KSYMS', 'y'),
               modules_not_set)]
+    l += [OR(KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'MAGIC_SYSRQ_SERIAL', 'is not set'),
+             KconfigCheck('cut_attack_surface', 'a13xp0p0v', 'MAGIC_SYSRQ_DEFAULT_ENABLE', '0x0'))]
  
  
      # 'harden_userspace'
author	Alexander Popov <alex.popov@linux.com>
	Sun, 16 Jun 2024 04:24:56 +0000 (07:24 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 16 Jun 2024 04:32:04 +0000 (07:32 +0300)