projects / kconfig-hardened-check.git / history
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
Add the comment about 'if arch' for the 'cut_attack_surface' checks
[kconfig-hardened-check.git] / kernel_hardening_checker / checks.py
2 days ago Alexander PopovAdd the comment about 'if arch' for the 'cut_attack_sur... master commit | commitdiff
4 days ago Alexander PopovMerge branch 'scs-pac' commit | commitdiff
4 days ago Alexander PopovMerge branch 'page-table-check' commit | commitdiff
10 days ago Alexander PopovMerge branch 'master' into open-check commit | commitdiff
10 days ago Alexander PopovCheck MITIGATION_SPECTRE_BHI and spectre_bhi commit | commitdiff
10 days ago Alexander PopovCheck MITIGATION_RFDS and reg_file_data_sampling commit | commitdiff
10 days ago Alexander PopovAdd the new name of SPECULATION_MITIGATIONS commit | commitdiff
10 days ago Alexander PopovAdd the new names of RETPOLINE, CPU_SRSO, SLS commit | commitdiff
10 days ago Alexander PopovAdd the new name of PAGE_TABLE_ISOLATION commit | commitdiff
2024-05-22 jvoisinAdd two PAGE_TABLE_CHECK related checks from kspp 140/head commit | commitdiff
2024-05-19 Julien VoisinMerge branch 'master' into scs_pac 131/head commit | commitdiff
2024-05-14 Alexander PopovMerge remote-tracking branch 'origin/pylint' commit | commitdiff
2024-05-14 Alexander PopovDon't use TODO to avoid pylint warnings 136/head commit | commitdiff
2024-05-14 Alexander PopovDrop 'disable=invalid-name' for pylint commit | commitdiff
2024-05-13 Alexander PopovMerge branch 'typing' commit | commitdiff
2024-05-13 Alexander PopovStyle fixes for engine import commit | commitdiff
2024-05-13 Alexander PopovAdd more precise typing for checklist: List[ChecklistOb... commit | commitdiff
2024-05-12 Alexander PopovAdd more typing annotations to checks.py commit | commitdiff
2024-05-03 jvoisinAdd a check for CONFIG_UNWIND_PATCH_PAC_INTO_SCS commit | commitdiff
2024-05-03 Julien VoisinMerge branch 'master' into typing commit | commitdiff
2024-05-02 Alexander PopovMerge branch 'skip_sysctl' commit | commitdiff
2024-05-02 Alexander PopovStyle fixes, should be no functional changes 125/head commit | commitdiff
2024-05-02 Alexander PopovFix the reason and decision of the KEXEC_CORE check commit | commitdiff
2024-05-02 Alexander PopovFix the reason and decision of the BPF_JIT check commit | commitdiff
2024-05-02 Alexander PopovRestore the `dev.tty.legacy_tiocsti` check commit | commitdiff
2024-05-02 Alexander PopovUse CONFIG_LOCALVERSION instead of CONFIG_DEFAULT_INIT... commit | commitdiff
2024-05-02 Eneas U de Queirozskip kernel.modules_disabled if MODULES not set commit | commitdiff
2024-05-02 Eneas U de QueirozSkip unprivileged_userfaultfd if USERFAULTFD unset commit | commitdiff
2024-05-02 Eneas U de QueirozDon't fail if dev.tty.legacy_tiocsti not found commit | commitdiff
2024-05-02 Eneas U de QueirozSkip unprivileged_bpf_disabled if BPF_SYSCALL not set commit | commitdiff
2024-05-02 Eneas U de QueirozSkip kexec_load_disabled if KEXEC_CORE is not set commit | commitdiff
2024-05-02 Eneas U de QueirozSkip bpf_jit_harden sysctl if BPF_JIT is not set commit | commitdiff
2024-04-30 Alexander PopovMerge branch 'cpu_depend' commit | commitdiff
2024-04-30 jvoisinAdd some lightweight typing commit | commitdiff
2024-04-30 Alexander PopovFix the reason and decision for CPU_SUP_INTEL 123/head commit | commitdiff
2024-04-30 Alexander PopovStyle fixes commit | commitdiff
2024-04-23 Eneas U de QueirozSkip CPU-dependent checks if CPU is not supported commit | commitdiff
2024-04-18 Alexander PopovAdd the BLK_DEV_WRITE_MOUNTED/bdev_allow_write_mounted... commit | commitdiff
2024-04-17 Alexander PopovMerge branch 'shstk' commit | commitdiff
2024-04-17 Alexander PopovFix 'decision' for the X86_USER_SHADOW_STACK check 120/head commit | commitdiff
2024-04-15 jvoisinAdd a check for X86_USER_SHADOW_STACK commit | commitdiff
2024-03-30 Alexander PopovAdd a comment that 'user.max_user_namespaces=0' may... commit | commitdiff
2024-03-25 Alexander PopovImprove the CONFIG_CFI_CLANG checks (add the CONFIG_CC_... commit | commitdiff
2024-03-25 Alexander PopovDrop the GCC_PLUGINS check (checking CC_IS_GCC is enough) commit | commitdiff
2024-03-25 Alexander PopovAdd the CONFIG_CC_IS_GCC dependency for gcc plugins commit | commitdiff
2024-03-25 Alexander PopovDon't require GCC_PLUGINS separately commit | commitdiff
2024-03-24 Alexander PopovRename the 'my' check decision to 'a13xp0p0v' commit | commitdiff
2024-03-11 Alexander PopovImprove the DEBUG_CREDENTIALS check commit | commitdiff
2024-03-10 Alexander PopovFix the false result of the REFCOUNT_FULL check for... commit | commitdiff
2024-03-09 Alexander PopovUse 3 numbers in the VersionCheck constructor commit | commitdiff
2024-03-04 Alexander PopovAdd the ia32_emulation check commit | commitdiff
2024-02-19 Alexander PopovAdd MODULE_SIG_SHA3_512 as a valid option commit | commitdiff
2024-02-17 Alexander PopovMake LOCKDOWN_LSM 'self_protection', not 'security_policy' commit | commitdiff
2024-01-16 Alexander PopovImprove the check of DEBUG_NOTIFIERS feature (part 2) commit | commitdiff
2024-01-16 Alexander PopovImprove the check of DEBUG_NOTIFIERS feature commit | commitdiff
2024-01-16 Alexander PopovImprove the check of SCHED_STACK_END_CHECK. commit | commitdiff
2024-01-16 Alexander PopovDisable pylint too-many-locals, it's not useful for... commit | commitdiff
2024-01-16 Alexander PopovFix pylint W0613: Unused argument 'arch' commit | commitdiff
2024-01-14 Alexander PopovUBSAN_SANITIZE_ALL is now available for ARM commit | commitdiff
2023-12-30 Alexander PopovFix the order in the vdso32 check (part II) commit | commitdiff
2023-12-30 Alexander PopovFix the order in the vdso32 check commit | commitdiff
2023-12-30 Alexander PopovFix the 'decision' for the 'AIO' check commit | commitdiff
2023-12-29 Alexander PopovFix the 'decision' for the 'vdso32' check commit | commitdiff
2023-12-29 Alexander PopovImprove the comment for the 'slab_common.usercopy_fallb... commit | commitdiff
2023-12-28 Alexander PopovFix the arch condition for the SCHED_CORE check (III) commit | commitdiff
2023-12-28 Alexander PopovFix the arch for the CPU_SRSO check (it's available... commit | commitdiff
2023-12-28 Alexander PopovSplit the HW_RANDOM_TPM check (it's enabled by default... commit | commitdiff
2023-12-28 Alexander PopovChange the 'decision' of the INIT_STACK_ALL_ZERO check commit | commitdiff
2023-12-16 Alexander PopovAdd the RANDOM_KMALLOC_CACHES check commit | commitdiff
2023-12-16 Alexander PopovAdd the SECURITY_SELINUX_DEBUG check commit | commitdiff
2023-12-16 Alexander PopovFix the 'decision' for the LEGACY_TIOCSTI check commit | commitdiff
2023-12-16 Alexander PopovAdd the CONFIG_LIST_HARDENED check commit | commitdiff
2023-12-09 Alexander PopovAdd the gather_data_sampling check commit | commitdiff
2023-12-09 Alexander PopovAdd the CPU_SRSO check commit | commitdiff
2023-12-09 Alexander PopovAdd the SPECULATION_MITIGATIONS check commit | commitdiff
2023-12-09 Alexander PopovAdd the spec_rstack_overflow check commit | commitdiff
2023-12-09 Alexander PopovAdd the MODULE_FORCE_LOAD check commit | commitdiff
2023-12-02 Alexander PopovAdd the check for dis_ucode_ldr commit | commitdiff
2023-12-02 Alexander PopovAdd the MICROCODE_INTEL and MICROCODE_AMD checks commit | commitdiff
2023-12-02 Alexander PopovAdd a check for the 'kfence.sample_interval' boot parameter commit | commitdiff
2023-12-02 Alexander PopovAdd the KFENCE_SAMPLE_INTERVAL check commit | commitdiff
2023-12-02 Alexander PopovKeep the recommendation to disable kernel modules commit | commitdiff
2023-12-02 Alexander PopovAdd a comment about 'kernel.modules_disabled' commit | commitdiff
2023-10-18 Alexander PopovFix the reason for the 'kernel.yama.ptrace_scope' check commit | commitdiff
2023-10-17 Alexander PopovFix the reason for the nosmt check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'dev.tty.legacy_tiocsti' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'kernel.randomize_va_space' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'fs.suid_dumpable' check commit | commitdiff
2023-10-17 Alexander PopovChange the reason of the COREDUMP check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'fs.protected_regular' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'fs.protected_fifos' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'fs.protected_hardlinks' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'fs.protected_symlinks' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'vm.unprivileged_userfaultfd' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'kernel.yama.ptrace_scope' check commit | commitdiff
2023-10-17 Alexander PopovAdd the 'kernel.kptr_restrict' check commit | commitdiff
2023-10-17 Alexander PopovImprove the slab_common.usercopy_fallback check commit | commitdiff
2023-10-17 Alexander Popovhardened_usercopy=1 is now officially recommended by... commit | commitdiff
2023-10-16 Alexander PopovEnabling page_alloc.shuffle is now recommended by KSPP commit | commitdiff
2023-10-16 Alexander Popov'mitigations=auto,nosmt' is now recommended by KSPP commit | commitdiff
next
kconfig-hardened-check