projects / kconfig-hardened-check.git / history
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
Add the "MAGIC_SYSRQ_SERIAL" check
[kconfig-hardened-check.git] / kernel_hardening_checker / checks.py
2024-06-16 Alexander PopovAdd the "MAGIC_SYSRQ_SERIAL" check blob | commitdiff | raw
2024-06-16 Alexander PopovAdd the "kernel.sysrq" check blob | commitdiff | raw | diff to current
2024-06-15 Alexander PopovAdd the MAGIC_SYSRQ_DEFAULT_ENABLE check blob | commitdiff | raw | diff to current
2024-06-15 Alexander PopovSync with KSPP: update the `decision` for some checks blob | commitdiff | raw | diff to current
2024-06-15 Alexander Popovruff: Fix EXE001 "Shebang is present but file is not... blob | commitdiff | raw | diff to current
2024-06-10 Alexander PopovAdd the comment about 'if arch' for the 'cut_attack_sur... blob | commitdiff | raw | diff to current
2024-06-09 Alexander PopovMerge branch 'scs-pac' blob | commitdiff | raw | diff to current
2024-06-09 Alexander PopovMerge branch 'page-table-check' blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovMerge branch 'master' into open-check blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovCheck MITIGATION_SPECTRE_BHI and spectre_bhi blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovCheck MITIGATION_RFDS and reg_file_data_sampling blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovAdd the new name of SPECULATION_MITIGATIONS blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovAdd the new names of RETPOLINE, CPU_SRSO, SLS blob | commitdiff | raw | diff to current
2024-06-02 Alexander PopovAdd the new name of PAGE_TABLE_ISOLATION blob | commitdiff | raw | diff to current
2024-05-22 jvoisinAdd two PAGE_TABLE_CHECK related checks from kspp 140/head blob | commitdiff | raw | diff to current
2024-05-19 Julien VoisinMerge branch 'master' into scs_pac 131/head blob | commitdiff | raw | diff to current
2024-05-14 Alexander PopovMerge remote-tracking branch 'origin/pylint' blob | commitdiff | raw | diff to current
2024-05-14 Alexander PopovDon't use TODO to avoid pylint warnings 136/head blob | commitdiff | raw | diff to current
2024-05-14 Alexander PopovDrop 'disable=invalid-name' for pylint blob | commitdiff | raw | diff to current
2024-05-13 Alexander PopovMerge branch 'typing' blob | commitdiff | raw | diff to current
2024-05-13 Alexander PopovStyle fixes for engine import blob | commitdiff | raw | diff to current
2024-05-13 Alexander PopovAdd more precise typing for checklist: List[ChecklistOb... blob | commitdiff | raw | diff to current
2024-05-12 Alexander PopovAdd more typing annotations to checks.py blob | commitdiff | raw | diff to current
2024-05-03 jvoisinAdd a check for CONFIG_UNWIND_PATCH_PAC_INTO_SCS blob | commitdiff | raw | diff to current
2024-05-03 Julien VoisinMerge branch 'master' into typing blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovMerge branch 'skip_sysctl' blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovStyle fixes, should be no functional changes 125/head blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovFix the reason and decision of the KEXEC_CORE check blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovFix the reason and decision of the BPF_JIT check blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovRestore the `dev.tty.legacy_tiocsti` check blob | commitdiff | raw | diff to current
2024-05-02 Alexander PopovUse CONFIG_LOCALVERSION instead of CONFIG_DEFAULT_INIT... blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de Queirozskip kernel.modules_disabled if MODULES not set blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de QueirozSkip unprivileged_userfaultfd if USERFAULTFD unset blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de QueirozDon't fail if dev.tty.legacy_tiocsti not found blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de QueirozSkip unprivileged_bpf_disabled if BPF_SYSCALL not set blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de QueirozSkip kexec_load_disabled if KEXEC_CORE is not set blob | commitdiff | raw | diff to current
2024-05-02 Eneas U de QueirozSkip bpf_jit_harden sysctl if BPF_JIT is not set blob | commitdiff | raw | diff to current
2024-04-30 Alexander PopovMerge branch 'cpu_depend' blob | commitdiff | raw | diff to current
2024-04-30 jvoisinAdd some lightweight typing blob | commitdiff | raw | diff to current
2024-04-30 Alexander PopovFix the reason and decision for CPU_SUP_INTEL 123/head blob | commitdiff | raw | diff to current
2024-04-30 Alexander PopovStyle fixes blob | commitdiff | raw | diff to current
2024-04-23 Eneas U de QueirozSkip CPU-dependent checks if CPU is not supported blob | commitdiff | raw | diff to current
2024-04-18 Alexander PopovAdd the BLK_DEV_WRITE_MOUNTED/bdev_allow_write_mounted... blob | commitdiff | raw | diff to current
2024-04-17 Alexander PopovMerge branch 'shstk' blob | commitdiff | raw | diff to current
2024-04-17 Alexander PopovFix 'decision' for the X86_USER_SHADOW_STACK check 120/head blob | commitdiff | raw | diff to current
2024-04-15 jvoisinAdd a check for X86_USER_SHADOW_STACK blob | commitdiff | raw | diff to current
2024-03-30 Alexander PopovAdd a comment that 'user.max_user_namespaces=0' may... blob | commitdiff | raw | diff to current
2024-03-25 Alexander PopovImprove the CONFIG_CFI_CLANG checks (add the CONFIG_CC_... blob | commitdiff | raw | diff to current
2024-03-25 Alexander PopovDrop the GCC_PLUGINS check (checking CC_IS_GCC is enough) blob | commitdiff | raw | diff to current
2024-03-25 Alexander PopovAdd the CONFIG_CC_IS_GCC dependency for gcc plugins blob | commitdiff | raw | diff to current
2024-03-25 Alexander PopovDon't require GCC_PLUGINS separately blob | commitdiff | raw | diff to current
2024-03-24 Alexander PopovRename the 'my' check decision to 'a13xp0p0v' blob | commitdiff | raw | diff to current
2024-03-11 Alexander PopovImprove the DEBUG_CREDENTIALS check blob | commitdiff | raw | diff to current
2024-03-10 Alexander PopovFix the false result of the REFCOUNT_FULL check for... blob | commitdiff | raw | diff to current
2024-03-09 Alexander PopovUse 3 numbers in the VersionCheck constructor blob | commitdiff | raw | diff to current
2024-03-04 Alexander PopovAdd the ia32_emulation check blob | commitdiff | raw | diff to current
2024-02-19 Alexander PopovAdd MODULE_SIG_SHA3_512 as a valid option blob | commitdiff | raw | diff to current
2024-02-17 Alexander PopovMake LOCKDOWN_LSM 'self_protection', not 'security_policy' blob | commitdiff | raw | diff to current
2024-01-16 Alexander PopovImprove the check of DEBUG_NOTIFIERS feature (part 2) blob | commitdiff | raw | diff to current
2024-01-16 Alexander PopovImprove the check of DEBUG_NOTIFIERS feature blob | commitdiff | raw | diff to current
2024-01-16 Alexander PopovImprove the check of SCHED_STACK_END_CHECK. blob | commitdiff | raw | diff to current
2024-01-16 Alexander PopovDisable pylint too-many-locals, it's not useful for... blob | commitdiff | raw | diff to current
2024-01-16 Alexander PopovFix pylint W0613: Unused argument 'arch' blob | commitdiff | raw | diff to current
2024-01-14 Alexander PopovUBSAN_SANITIZE_ALL is now available for ARM blob | commitdiff | raw | diff to current
2023-12-30 Alexander PopovFix the order in the vdso32 check (part II) blob | commitdiff | raw | diff to current
2023-12-30 Alexander PopovFix the order in the vdso32 check blob | commitdiff | raw | diff to current
2023-12-30 Alexander PopovFix the 'decision' for the 'AIO' check blob | commitdiff | raw | diff to current
2023-12-29 Alexander PopovFix the 'decision' for the 'vdso32' check blob | commitdiff | raw | diff to current
2023-12-29 Alexander PopovImprove the comment for the 'slab_common.usercopy_fallb... blob | commitdiff | raw | diff to current
2023-12-28 Alexander PopovFix the arch condition for the SCHED_CORE check (III) blob | commitdiff | raw | diff to current
2023-12-28 Alexander PopovFix the arch for the CPU_SRSO check (it's available... blob | commitdiff | raw | diff to current
2023-12-28 Alexander PopovSplit the HW_RANDOM_TPM check (it's enabled by default... blob | commitdiff | raw | diff to current
2023-12-28 Alexander PopovChange the 'decision' of the INIT_STACK_ALL_ZERO check blob | commitdiff | raw | diff to current
2023-12-16 Alexander PopovAdd the RANDOM_KMALLOC_CACHES check blob | commitdiff | raw | diff to current
2023-12-16 Alexander PopovAdd the SECURITY_SELINUX_DEBUG check blob | commitdiff | raw | diff to current
2023-12-16 Alexander PopovFix the 'decision' for the LEGACY_TIOCSTI check blob | commitdiff | raw | diff to current
2023-12-16 Alexander PopovAdd the CONFIG_LIST_HARDENED check blob | commitdiff | raw | diff to current
2023-12-09 Alexander PopovAdd the gather_data_sampling check blob | commitdiff | raw | diff to current
2023-12-09 Alexander PopovAdd the CPU_SRSO check blob | commitdiff | raw | diff to current
2023-12-09 Alexander PopovAdd the SPECULATION_MITIGATIONS check blob | commitdiff | raw | diff to current
2023-12-09 Alexander PopovAdd the spec_rstack_overflow check blob | commitdiff | raw | diff to current
2023-12-09 Alexander PopovAdd the MODULE_FORCE_LOAD check blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovAdd the check for dis_ucode_ldr blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovAdd the MICROCODE_INTEL and MICROCODE_AMD checks blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovAdd a check for the 'kfence.sample_interval' boot parameter blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovAdd the KFENCE_SAMPLE_INTERVAL check blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovKeep the recommendation to disable kernel modules blob | commitdiff | raw | diff to current
2023-12-02 Alexander PopovAdd a comment about 'kernel.modules_disabled' blob | commitdiff | raw | diff to current
2023-10-18 Alexander PopovFix the reason for the 'kernel.yama.ptrace_scope' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovFix the reason for the nosmt check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'dev.tty.legacy_tiocsti' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'kernel.randomize_va_space' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'fs.suid_dumpable' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovChange the reason of the COREDUMP check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'fs.protected_regular' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'fs.protected_fifos' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'fs.protected_hardlinks' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'fs.protected_symlinks' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'vm.unprivileged_userfaultfd' check blob | commitdiff | raw | diff to current
2023-10-17 Alexander PopovAdd the 'kernel.yama.ptrace_scope' check blob | commitdiff | raw | diff to current
next
kconfig-hardened-check