From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 7 Jul 2024 12:49:10 +0000 (+0300)
Subject: Add the CRASH_DUMP check
X-Git-Tag: v0.6.10~34
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=5e44660143ccd76a2aa3030f6949e7188e116a37;p=kconfig-hardened-check.git

Add the CRASH_DUMP check

Refers to #84.
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index f338bbd..faf2aa2 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -392,6 +392,7 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'KSM', 'is not set')] # to prevent FLUSH+RELOAD attack
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'KALLSYMS', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'KEXEC_FILE', 'is not set')] # refers to LOCKDOWN (permissive)
+    l += [KconfigCheck('cut_attack_surface', 'clipos', 'CRASH_DUMP', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'USER_NS', 'is not set')] # user.max_user_namespaces=0
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'X86_CPUID', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'X86_IOPL_IOPERM', 'is not set')] # refers to LOCKDOWN