## Usage
```
-usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE]
- [-m {verbose,json,show_ok,show_fail}]
+usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG]
+ [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}]
A tool for checking the security hardening options of the Linux kernel
-h, --help show this help message and exit
--version show program's version number and exit
-p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
- print security hardening options for the selected architecture
+ print the security hardening recommendations for the selected
+ microarchitecture
-c CONFIG, --config CONFIG
- check security hardening options in the kernel kconfig file (also supports *.gz files)
+ check the security hardening options in the kernel kconfig file (also
+ supports *.gz files)
-l CMDLINE, --cmdline CMDLINE
- check security hardening options in the kernel cmdline file
+ check the security hardening options in the kernel cmdline file
-m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
choose the report mode
```
if arch is None:
arch = option
else:
- return None, 'more than one supported architecture is detected'
+ return None, 'more than one supported microarchitecture is detected'
if arch is None:
- return None, 'failed to detect architecture'
+ return None, 'failed to detect microarchitecture'
return arch, 'OK'
description='A tool for checking the security hardening options of the Linux kernel')
parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
parser.add_argument('-p', '--print', choices=supported_archs,
- help='print security hardening options for the selected architecture')
+ help='print the security hardening recommendations for the selected microarchitecture')
parser.add_argument('-c', '--config',
- help='check security hardening options in the kernel kconfig file (also supports *.gz files)')
+ help='check the security hardening options in the kernel kconfig file (also supports *.gz files)')
parser.add_argument('-l', '--cmdline',
- help='check security hardening options in the kernel cmdline file')
+ help='check the security hardening options in the kernel cmdline file')
parser.add_argument('-m', '--mode', choices=report_modes,
help='choose the report mode')
args = parser.parse_args()
if arch is None:
sys.exit(f'[!] ERROR: {msg}')
if mode != 'json':
- print(f'[+] Detected architecture: {arch}')
+ print(f'[+] Detected microarchitecture: {arch}')
kernel_version, msg = detect_kernel_version(args.config)
if kernel_version is None:
projects / kconfig-hardened-check.git / commitdiff