From: Alexander Popov Date: Mon, 12 Jun 2023 11:37:42 +0000 (+0300) Subject: Improve the comments and README X-Git-Tag: v0.6.6~148 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=d6caae5328a051d33e43ffec040cae03d8f6a07f;p=kconfig-hardened-check.git Improve the comments and README --- diff --git a/README.md b/README.md index 0fd80e9..e00cb0a 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ make our systems more secure. But nobody likes checking configs manually. So let the computers do their job! -__kconfig-hardened-check__ helps me to check the Linux kernel options -against my security hardening preferences, which are based on the +__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel. +The recommendations are based on - [KSPP recommended settings][1] - [CLIP OS kernel configuration][2] @@ -63,8 +63,8 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package. ## Usage ``` -usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] - [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}] +usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE] + [-m {verbose,json,show_ok,show_fail}] A tool for checking the security hardening options of the Linux kernel @@ -72,12 +72,11 @@ options: -h, --help show this help message and exit --version show program's version number and exit -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM} - print security hardening preferences for the selected architecture + print security hardening options for the selected architecture -c CONFIG, --config CONFIG - check the kernel kconfig file against these preferences (also supports - *.gz files) + check security hardening options in the kernel kconfig file (also supports *.gz files) -l CMDLINE, --cmdline CMDLINE - check the kernel cmdline file against these preferences + check security hardening options in the kernel cmdline file -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail} choose the report mode ``` diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index cdb0828..086e21e 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov @@ -211,11 +209,11 @@ def main(): description='A tool for checking the security hardening options of the Linux kernel') parser.add_argument('--version', action='version', version='%(prog)s ' + __version__) parser.add_argument('-p', '--print', choices=supported_archs, - help='print security hardening preferences for the selected architecture') + help='print security hardening options for the selected architecture') parser.add_argument('-c', '--config', - help='check the kernel kconfig file against these preferences (also supports *.gz files)') + help='check security hardening options in the kernel kconfig file (also supports *.gz files)') parser.add_argument('-l', '--cmdline', - help='check the kernel cmdline file against these preferences') + help='check security hardening options in the kernel cmdline file') parser.add_argument('-m', '--mode', choices=report_modes, help='choose the report mode') args = parser.parse_args() @@ -306,7 +304,7 @@ def main(): add_kconfig_checks(config_checklist, arch) add_cmdline_checks(config_checklist, arch) if mode != 'json': - print(f'[+] Printing kernel security hardening preferences for {arch}...') + print(f'[+] Printing kernel security hardening options for {arch}...') print_checklist(mode, config_checklist, False) sys.exit(0) diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py index 87e45c9..46922a2 100644 --- a/kconfig_hardened_check/checks.py +++ b/kconfig_hardened_check/checks.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov diff --git a/kconfig_hardened_check/engine.py b/kconfig_hardened_check/engine.py index 6791285..e914044 100644 --- a/kconfig_hardened_check/engine.py +++ b/kconfig_hardened_check/engine.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov diff --git a/kconfig_hardened_check/test_engine.py b/kconfig_hardened_check/test_engine.py index 8ef0fa3..433e584 100644 --- a/kconfig_hardened_check/test_engine.py +++ b/kconfig_hardened_check/test_engine.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov