From: Alexander Popov Date: Sun, 7 Jul 2024 12:49:10 +0000 (+0300) Subject: Add the CRASH_DUMP check X-Git-Tag: v0.6.10~34 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=5e44660143ccd76a2aa3030f6949e7188e116a37;p=kconfig-hardened-check.git Add the CRASH_DUMP check Refers to #84. --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index f338bbd..faf2aa2 100755 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -392,6 +392,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None: l += [KconfigCheck('cut_attack_surface', 'clipos', 'KSM', 'is not set')] # to prevent FLUSH+RELOAD attack l += [KconfigCheck('cut_attack_surface', 'clipos', 'KALLSYMS', 'is not set')] l += [KconfigCheck('cut_attack_surface', 'clipos', 'KEXEC_FILE', 'is not set')] # refers to LOCKDOWN (permissive) + l += [KconfigCheck('cut_attack_surface', 'clipos', 'CRASH_DUMP', 'is not set')] l += [KconfigCheck('cut_attack_surface', 'clipos', 'USER_NS', 'is not set')] # user.max_user_namespaces=0 l += [KconfigCheck('cut_attack_surface', 'clipos', 'X86_CPUID', 'is not set')] l += [KconfigCheck('cut_attack_surface', 'clipos', 'X86_IOPL_IOPERM', 'is not set')] # refers to LOCKDOWN