projects
/
kconfig-hardened-check.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅ next
Make LOCKDOWN_LSM 'self_protection', not 'security_policy'
[kconfig-hardened-check.git]
/
kernel_hardening_checker
/
checks.py
2024-02-17
Alexander Popov
Make LOCKDOWN_LSM 'self_protection', not 'security_policy'
blob
|
commitdiff
|
raw
2024-01-16
Alexander Popov
Improve the check of DEBUG_NOTIFIERS feature (part 2)
blob
|
commitdiff
|
raw
|
diff to current
2024-01-16
Alexander Popov
Improve the check of DEBUG_NOTIFIERS feature
blob
|
commitdiff
|
raw
|
diff to current
2024-01-16
Alexander Popov
Improve the check of SCHED_STACK_END_CHECK.
blob
|
commitdiff
|
raw
|
diff to current
2024-01-16
Alexander Popov
Disable pylint too-many-locals, it's not useful for...
blob
|
commitdiff
|
raw
|
diff to current
2024-01-16
Alexander Popov
Fix pylint W0613: Unused argument 'arch'
blob
|
commitdiff
|
raw
|
diff to current
2024-01-14
Alexander Popov
UBSAN_SANITIZE_ALL is now available for ARM
blob
|
commitdiff
|
raw
|
diff to current
2023-12-30
Alexander Popov
Fix the order in the vdso32 check (part II)
blob
|
commitdiff
|
raw
|
diff to current
2023-12-30
Alexander Popov
Fix the order in the vdso32 check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-30
Alexander Popov
Fix the 'decision' for the 'AIO' check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-29
Alexander Popov
Fix the 'decision' for the 'vdso32' check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-29
Alexander Popov
Improve the comment for the 'slab_common.usercopy_fallb...
blob
|
commitdiff
|
raw
|
diff to current
2023-12-28
Alexander Popov
Fix the arch condition for the SCHED_CORE check (III)
blob
|
commitdiff
|
raw
|
diff to current
2023-12-28
Alexander Popov
Fix the arch for the CPU_SRSO check (it's available...
blob
|
commitdiff
|
raw
|
diff to current
2023-12-28
Alexander Popov
Split the HW_RANDOM_TPM check (it's enabled by default...
blob
|
commitdiff
|
raw
|
diff to current
2023-12-28
Alexander Popov
Change the 'decision' of the INIT_STACK_ALL_ZERO check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-16
Alexander Popov
Add the RANDOM_KMALLOC_CACHES check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-16
Alexander Popov
Add the SECURITY_SELINUX_DEBUG check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-16
Alexander Popov
Fix the 'decision' for the LEGACY_TIOCSTI check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-16
Alexander Popov
Add the CONFIG_LIST_HARDENED check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-09
Alexander Popov
Add the gather_data_sampling check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-09
Alexander Popov
Add the CPU_SRSO check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-09
Alexander Popov
Add the SPECULATION_MITIGATIONS check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-09
Alexander Popov
Add the spec_rstack_overflow check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-09
Alexander Popov
Add the MODULE_FORCE_LOAD check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Add the check for dis_ucode_ldr
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Add the MICROCODE_INTEL and MICROCODE_AMD checks
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Add a check for the 'kfence.sample_interval' boot parameter
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Add the KFENCE_SAMPLE_INTERVAL check
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Keep the recommendation to disable kernel modules
blob
|
commitdiff
|
raw
|
diff to current
2023-12-02
Alexander Popov
Add a comment about 'kernel.modules_disabled'
blob
|
commitdiff
|
raw
|
diff to current
2023-10-18
Alexander Popov
Fix the reason for the 'kernel.yama.ptrace_scope' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Fix the reason for the nosmt check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'dev.tty.legacy_tiocsti' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'kernel.randomize_va_space' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'fs.suid_dumpable' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Change the reason of the COREDUMP check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'fs.protected_regular' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'fs.protected_fifos' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'fs.protected_hardlinks' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'fs.protected_symlinks' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'vm.unprivileged_userfaultfd' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'kernel.yama.ptrace_scope' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Add the 'kernel.kptr_restrict' check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
Improve the slab_common.usercopy_fallback check
blob
|
commitdiff
|
raw
|
diff to current
2023-10-17
Alexander Popov
hardened_usercopy=1 is now officially recommended by...
blob
|
commitdiff
|
raw
|
diff to current
2023-10-16
Alexander Popov
Enabling page_alloc.shuffle is now recommended by KSPP
blob
|
commitdiff
|
raw
|
diff to current
2023-10-16
Alexander Popov
'mitigations=auto,nosmt' is now recommended by KSPP
blob
|
commitdiff
|
raw
|
diff to current
2023-10-16
Alexander Popov
Disabling X86_VSYSCALL_EMULATION is now recommended...
blob
|
commitdiff
|
raw
|
diff to current
2023-10-16
Alexander Popov
Use /usr/bin/env in shebangs (#90)
blob
|
commitdiff
|
raw
|
diff to current
2023-10-05
Sandro Jäckel
Use /usr/bin/env in shebangs
90/head
blob
|
commitdiff
|
raw
|
diff to current
2023-10-04
Alexander Popov
Drop ZERO_CALL_USED_REGS in favour of backward-edge CFI
blob
|
commitdiff
|
raw
|
diff to current
2023-09-17
Alexander Popov
Rename kconfig-hardened-check into kernel-hardening...
blob
|
commitdiff
|
raw
|
diff to current
2023-09-17
Alexander Popov
kconfig-hardened-check -> kernel-hardening-checker
blob
|
commitdiff
|
raw
|
diff to current