projects / kconfig-hardened-check.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
kconfig-hardened-check.git
5 years agoAdd Oracle Unbreakable Enterprise Kernel 5 (UEK-5) config
commit | commitdiff | tree
Alexander Popov [Tue, 3 Jul 2018 20:31:48 +0000 (23:31 +0300)]
Add Oracle Unbreakable Enterprise Kernel 5 (UEK-5) config

6 years agoDrop CONFIG_DEBUG_KERNEL from kspp-recommendations.config
commit | commitdiff | tree
Alexander Popov [Fri, 22 Jun 2018 12:34:23 +0000 (15:34 +0300)]
Drop CONFIG_DEBUG_KERNEL from kspp-recommendations.config

It is needed only for kernels prior to v4.11 (Kees has updated the wiki)

6 years agoDisable buggy IP_SCTP to cut attack surface
commit | commitdiff | tree
Alexander Popov [Wed, 20 Jun 2018 21:07:52 +0000 (00:07 +0300)]
Disable buggy IP_SCTP to cut attack surface

6 years agoDisable only CONFIG_USER_NS, not whole CONFIG_NAMESPACES
commit | commitdiff | tree
Alexander Popov [Wed, 20 Jun 2018 21:09:12 +0000 (00:09 +0300)]
Disable only CONFIG_USER_NS, not whole CONFIG_NAMESPACES

Thanks to @Bernhard40 for the correction

Signed-off-by: Alexander Popov <alex.popov@linux.com>
6 years agoAdd kconfig-hardened-check.py
commit | commitdiff | tree
Alexander Popov [Wed, 20 Jun 2018 14:09:42 +0000 (17:09 +0300)]
Add kconfig-hardened-check.py

This script helps me to check the Linux kernel Kconfig option list
against my hardening preferences for x86_64.

Nobody likes checking configs manually. Let the computers do their job!

Signed-off-by: Alexander Popov <alex.popov@linux.com>
kconfig-hardened-check