projects
/
kconfig-hardened-check.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
INTEL_IOMMU is available for X86_32
[kconfig-hardened-check.git]
/
kconfig-hardened-check.py
2020-03-18
Alexander Popov
INTEL_IOMMU is available for X86_32
blob
|
commitdiff
|
raw
2020-03-18
Alexander Popov
Move VMSPLIT_3G to 'userspace_hardening'
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
Style fix
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
IOMMU_SUPPORT is needed for all architectures
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
SECURITY_WRITABLE_HOOKS and SECURITY_SELINUX_DISABLE...
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
Add CLIP OS recommendation about X86_CPUID
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
Fix RANDOM_TRUST_BOOTLOADER check
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
LOCKDOWN update - part II
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
LOCKDOWN update - part I
blob
|
commitdiff
|
raw
|
diff to current
2020-03-18
Alexander Popov
Don't restrict arch for "is not set" checks
blob
|
commitdiff
|
raw
|
diff to current
2020-03-17
Alexander Popov
SECURITY_LOCKDOWN_LSM is recommended by CLIP OS
blob
|
commitdiff
|
raw
|
diff to current
2020-03-08
Alexander Popov
Add CONFIG_INTEGRITY for userspace hardening
blob
|
commitdiff
|
raw
|
diff to current
2020-03-08
Alexander Popov
Fix the comments
blob
|
commitdiff
|
raw
|
diff to current
2020-03-08
Alexander Popov
Don't show all checks from all supported platforms...
blob
|
commitdiff
|
raw
|
diff to current
2020-03-07
Alexander Popov
Improve 'dunno' report in debug_mode
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Add SECURITY_LOADPIN_ENFORCE check
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Add CLIP OS recommendation about CONFIG_STAGING
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Add CLIP OS recommendation about CONFIG_RANDOM_TRUST_BO...
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Improve debug_mode a lot
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Improve the table header
blob
|
commitdiff
|
raw
|
diff to current
2020-03-06
Alexander Popov
Drop unused OptCheck printing
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
Update 'decision' for new KSPP recommendations
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
LDISC_AUTOLOAD can be disabled since v5.1
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
REFCOUNT_FULL is enabled by default since v5.5
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
Add kernel version checks for complex checks with logic...
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
Add kernel version detection
blob
|
commitdiff
|
raw
|
diff to current
2020-03-05
Alexander Popov
Simplify perform_checks()
blob
|
commitdiff
|
raw
|
diff to current
2020-03-04
Alexander Popov
STACKPROTECTOR_PER_TASK is now default for ARM
blob
|
commitdiff
|
raw
|
diff to current
2020-03-04
Alexander Popov
SECURITY_WRITABLE_HOOKS is not disabled by default
blob
|
commitdiff
|
raw
|
diff to current
2020-03-04
Alexander Popov
Include GCC_PLUGINS to defconfig
blob
|
commitdiff
|
raw
|
diff to current
2020-01-14
Alexander Popov
Fix INIT_ON_FREE_DEFAULT_ON vs PAGE_POISONING issue #28
blob
|
commitdiff
|
raw
|
diff to current
2020-01-11
Alexander Popov
Recommend disabling VIDEO_VIVID
blob
|
commitdiff
|
raw
|
diff to current
2020-01-10
Alexander Popov
Take some ideas from NixOS/nixpkgs hardened kernel...
blob
|
commitdiff
|
raw
|
diff to current
2019-12-02
Alexander Popov
Pretty printing
blob
|
commitdiff
|
raw
|
diff to current
2019-11-29
Alexander Popov
RANDOMIZE_BASE is now enabled by default on arm64
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
x86_32: INTEL_IOMMU is not enabled by default - fix...
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
X86_INTEL_UMIP is now X86_UMIP
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
x86_64: more hardening options are enabled by default...
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Improve the list of the kernel parameters in TODO
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Update the column width
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Some of my recommendations are used by CLIP OS, change...
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Don't recommend disabling IKCONFIG anymore
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Save more hardening sysctls for TODO
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Group security policies together
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Add INIT_ON_ALLOC_DEFAULT_ON and INIT_ON_FREE_DEFAULT_O...
blob
|
commitdiff
|
raw
|
diff to current
2019-11-28
Alexander Popov
Add RODATA_FULL_DEFAULT_ENABLED for ARM64
blob
|
commitdiff
|
raw
|
diff to current
2019-08-23
Alexander Popov
Add HARDEN_BRANCH_PREDICTOR and HARDEN_EL2_VECTORS
blob
|
commitdiff
|
raw
|
diff to current
2019-08-23
Alexander Popov
Bring more order to the offsets (style fix)
blob
|
commitdiff
|
raw
|
diff to current
2019-08-22
Alexander Popov
Add INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRU...
blob
|
commitdiff
|
raw
|
diff to current
2019-08-22
Alexander Popov
Add SHUFFLE_PAGE_ALLOCATOR from v5.2
blob
|
commitdiff
|
raw
|
diff to current
2019-08-22
Alexander Popov
Add some new sysctls (to remember them)
blob
|
commitdiff
|
raw
|
diff to current
2019-07-08
Alexander Popov
Merge pull request #22 from adrianopol/master
blob
|
commitdiff
|
raw
|
diff to current
2019-07-07
Andrew Petelin
#20 fix: use right quotes in json output
22/head
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
Do code refactoring without changing the functionality
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
Merge branch 'json-support'
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
json: Fix minor things and update the README
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Andrew Petelin
add --json option
21/head
blob
|
commitdiff
|
raw
|
diff to current
2019-06-04
Alexander Popov
Drop CONFIG_X86_MSR from the recommendations
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add the LDISC_AUTOLOAD check
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Attribute some of my recommendations to CLIP OS - part II
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Attribute some of my recommendations to CLIP OS
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add my recommendations for AMD (similar to CLIP OS...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add X86-specific CLIP OS recommendations for kernel...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add arch-independent CLIP OS recommendations for kernel...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add more details about STACKLEAK
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Don't recommend any particular LSM to avoid the holy war
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add CLIP OS recommendations for cutting attack surface
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Improve printing of the results
blob
|
commitdiff
|
raw
|
diff to current
2019-05-27
Alexander Popov
Add more kernel command line parameters to comments
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add the comment about kptr_restrict
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add ARM64_PTR_AUTH check
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add STACKPROTECTOR_PER_TASK check for ARM
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Don't hide AND check results if the requirements are...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Improve the final result output
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Use the AND check for HARDENED_USERCOPY_FALLBACK
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Use the AND check for PAGE_POISONING_NO_SANITY and...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Implement AND ComplexOptCheck
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Add a sanity check and do minor refactoring
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Introduce the ComplexOptCheck superclass
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Add explicit checks for CONFIG_MODULES and CONFIG_DEVMEM
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Add missing OR use case
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Improve the output of OR checks
blob
|
commitdiff
|
raw
|
diff to current
2019-03-04
Alexander Popov
Add the RESET_ATTACK_MITIGATION check according to...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-04
Alexander Popov
Fix false positive about CONFIG_MODULE_SIG_FORCE.
blob
|
commitdiff
|
raw
|
diff to current
2019-01-24
Alexander Popov
Update the README and comments after adding ARM support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-24
Alexander Popov
Add ARM support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-23
Alexander Popov
Go through all the checks in debug mode
blob
|
commitdiff
|
raw
|
diff to current
2019-01-23
Alexander Popov
Add ARM64 support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-22
Alexander Popov
Add X86_32 support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-21
Alexander Popov
Make the script aware of target architecture
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Merge branch 'decision-cleanup'
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change the last 'ubuntu18' checks (about lockdown)
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'grsecurity' for their additional...
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'kspp' for non-default options...
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'defconfig' for hardening features...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-21
Alexander Popov
Add kernel command line options enabling mitigations...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add TODO (hardening preferences for ARM) and update...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Check x86 hardening features: X86_SMAP and X86_INTEL_UMIP
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add SECURITY_LOADPIN check
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add SLAB_MERGE_DEFAULT check
blob
|
commitdiff
|
raw
|
diff to current
next