From 35f90af9096a0dad868107ea6dc005468badd5c3 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sat, 9 Sep 2023 23:18:12 +0300 Subject: [PATCH] kconfig-hardened-check -> kernel-hardening-checker --- .github/workflows/engine_unit-test.yml | 2 +- .github/workflows/functional_test.sh | 108 +++++++++--------- .github/workflows/functional_test.yml | 6 +- .woodpecker/engine_unit-test.yml | 2 +- .woodpecker/functional_test.yml | 8 +- MANIFEST.in | 2 +- README.md | 56 ++++----- ...ardened-check => kernel-hardening-checker} | 4 +- .../__about__.py | 0 .../__init__.py | 2 +- .../checks.py | 0 .../defconfigs/arm64_defconfig_4.20.config | 0 .../defconfigs/arm64_defconfig_5.0.config | 0 .../defconfigs/arm64_defconfig_5.10.config | 0 .../defconfigs/arm64_defconfig_5.14.config | 0 .../arm64_defconfig_5.14_clang.config | 0 .../defconfigs/arm64_defconfig_5.17.config | 0 .../arm64_defconfig_5.17_clang.config | 0 .../defconfigs/arm64_defconfig_5.4.config | 0 .../defconfigs/arm64_defconfig_5.5.config | 0 .../defconfigs/arm64_defconfig_5.7.config | 0 .../defconfigs/arm64_defconfig_5.9.config | 0 .../defconfigs/arm64_defconfig_6.1.config | 0 .../arm64_defconfig_6.1_clang.config | 0 .../defconfigs/arm_defconfig_4.20.config | 0 .../defconfigs/arm_defconfig_5.0.config | 0 .../defconfigs/arm_defconfig_5.10.config | 0 .../defconfigs/arm_defconfig_5.14.config | 0 .../defconfigs/arm_defconfig_5.17.config | 0 .../defconfigs/arm_defconfig_5.4.config | 0 .../defconfigs/arm_defconfig_5.5.config | 0 .../defconfigs/arm_defconfig_5.7.config | 0 .../defconfigs/arm_defconfig_5.9.config | 0 .../defconfigs/arm_defconfig_6.1.config | 0 .../defconfigs/x86_32_defconfig_4.20.config | 0 .../defconfigs/x86_32_defconfig_5.0.config | 0 .../defconfigs/x86_32_defconfig_5.10.config | 0 .../defconfigs/x86_32_defconfig_5.14.config | 0 .../defconfigs/x86_32_defconfig_5.17.config | 0 .../defconfigs/x86_32_defconfig_5.4.config | 0 .../defconfigs/x86_32_defconfig_5.5.config | 0 .../defconfigs/x86_32_defconfig_5.7.config | 0 .../defconfigs/x86_32_defconfig_5.9.config | 0 .../defconfigs/x86_32_defconfig_6.1.config | 0 .../defconfigs/x86_64_defconfig_4.20.config | 0 .../defconfigs/x86_64_defconfig_5.0.config | 0 .../defconfigs/x86_64_defconfig_5.10.config | 0 .../defconfigs/x86_64_defconfig_5.14.config | 0 .../defconfigs/x86_64_defconfig_5.17.config | 0 .../defconfigs/x86_64_defconfig_5.4.config | 0 .../defconfigs/x86_64_defconfig_5.5.config | 0 .../defconfigs/x86_64_defconfig_5.7.config | 0 .../defconfigs/x86_64_defconfig_5.9.config | 0 .../defconfigs/x86_64_defconfig_6.1.config | 0 .../distros/Alpinelinux-edge.config | 0 .../config_files/distros/AmazonLinux2.config | 0 .../distros/Archlinux-hardened.config | 0 .../config_files/distros/SLE15.config | 0 .../distros/android_gki_android13-5.10.config | 0 .../distros/android_pixel-3a.config | 0 .../distros/android_pixel-7.config | 0 .../distros/android_samsung_s23.config | 0 .../config_files/distros/cbl-mariner.config | 0 .../distros/clearlinux-master.config | 0 .../distros/clipos_kernel_doc.txt | 0 .../config_files/distros/debian-buster.config | 0 .../config_files/distros/example_config.gz | Bin .../config_files/distros/example_sysctls.txt | 0 .../config_files/distros/fedora_34.config | 0 .../config_files/distros/fedora_38.config | 0 .../distros/get-nixos-kconfig.nix | 0 .../distros/nixpkgs-linux_hardened.config | 0 .../distros/nixpkgs-linux_latest.config | 0 .../distros/nixpkgs-linux_lts.config | 0 .../config_files/distros/openSUSE-15.1.config | 0 .../config_files/distros/oracle-uek6.config | 0 .../config_files/distros/pentoo-livecd.config | 0 .../config_files/distros/rhel-8.0.config | 0 .../config_files/distros/ubuntu-focal.config | 0 .../kspp-cmdline-x86-64.txt | 0 .../kspp-kconfig-arm.config | 0 .../kspp-kconfig-arm64.config | 0 .../kspp-kconfig-x86-32.config | 0 .../kspp-kconfig-x86-64.config | 0 .../config_files/links.txt | 0 .../engine.py | 0 .../test_engine.py | 2 +- setup.cfg | 16 +-- setup.py | 2 +- 89 files changed, 105 insertions(+), 105 deletions(-) rename bin/{kconfig-hardened-check => kernel-hardening-checker} (81%) rename {kconfig_hardened_check => kernel_hardening_checker}/__about__.py (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/__init__.py (99%) rename {kconfig_hardened_check => kernel_hardening_checker}/checks.py (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_4.20.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.0.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.10.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.14.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.14_clang.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.17.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.17_clang.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.4.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.5.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.7.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_5.9.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_6.1.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm64_defconfig_6.1_clang.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_4.20.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.0.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.10.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.14.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.17.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.4.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.5.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.7.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_5.9.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/arm_defconfig_6.1.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_4.20.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.0.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.10.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.14.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.17.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.4.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.5.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.7.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_5.9.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_32_defconfig_6.1.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_4.20.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.0.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.10.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.14.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.17.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.4.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.5.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.7.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_5.9.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/defconfigs/x86_64_defconfig_6.1.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/Alpinelinux-edge.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/AmazonLinux2.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/Archlinux-hardened.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/SLE15.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/android_gki_android13-5.10.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/android_pixel-3a.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/android_pixel-7.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/android_samsung_s23.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/cbl-mariner.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/clearlinux-master.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/clipos_kernel_doc.txt (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/debian-buster.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/example_config.gz (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/example_sysctls.txt (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/fedora_34.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/fedora_38.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/get-nixos-kconfig.nix (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/nixpkgs-linux_hardened.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/nixpkgs-linux_latest.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/nixpkgs-linux_lts.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/openSUSE-15.1.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/oracle-uek6.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/pentoo-livecd.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/rhel-8.0.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/distros/ubuntu-focal.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/kspp-recommendations/kspp-kconfig-arm.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/kspp-recommendations/kspp-kconfig-arm64.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/kspp-recommendations/kspp-kconfig-x86-32.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/kspp-recommendations/kspp-kconfig-x86-64.config (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/config_files/links.txt (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/engine.py (100%) rename {kconfig_hardened_check => kernel_hardening_checker}/test_engine.py (99%) diff --git a/.github/workflows/engine_unit-test.yml b/.github/workflows/engine_unit-test.yml index 71204ae..7f1665a 100644 --- a/.github/workflows/engine_unit-test.yml +++ b/.github/workflows/engine_unit-test.yml @@ -34,7 +34,7 @@ jobs: - name: Run unit-tests and collect coverage run: | - coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b + coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b coverage xml -i -o coverage_unittest.xml - name: Handle coverage diff --git a/.github/workflows/functional_test.sh b/.github/workflows/functional_test.sh index c17e67d..106320c 100644 --- a/.github/workflows/functional_test.sh +++ b/.github/workflows/functional_test.sh @@ -9,34 +9,34 @@ git show -s echo "Beginning of the functional tests" echo ">>>>> get help <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -coverage run -a --branch bin/kconfig-hardened-check -h +coverage run -a --branch bin/kernel-hardening-checker +coverage run -a --branch bin/kernel-hardening-checker -h echo ">>>>> get version <<<<<" -coverage run -a --branch bin/kconfig-hardened-check --version +coverage run -a --branch bin/kernel-hardening-checker --version echo ">>>>> print the security hardening recommendations <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m verbose -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m json +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m verbose +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m json -coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m verbose -coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m json +coverage run -a --branch bin/kernel-hardening-checker -p X86_32 +coverage run -a --branch bin/kernel-hardening-checker -p X86_32 -m verbose +coverage run -a --branch bin/kernel-hardening-checker -p X86_32 -m json -coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m verbose -coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m json +coverage run -a --branch bin/kernel-hardening-checker -p ARM64 +coverage run -a --branch bin/kernel-hardening-checker -p ARM64 -m verbose +coverage run -a --branch bin/kernel-hardening-checker -p ARM64 -m json -coverage run -a --branch bin/kconfig-hardened-check -p ARM -coverage run -a --branch bin/kconfig-hardened-check -p ARM -m verbose -coverage run -a --branch bin/kconfig-hardened-check -p ARM -m json +coverage run -a --branch bin/kernel-hardening-checker -p ARM +coverage run -a --branch bin/kernel-hardening-checker -p ARM -m verbose +coverage run -a --branch bin/kernel-hardening-checker -p ARM -m json echo ">>>>> generate the Kconfig fragment <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -coverage run -a --branch bin/kconfig-hardened-check -g X86_32 -coverage run -a --branch bin/kconfig-hardened-check -g ARM64 -coverage run -a --branch bin/kconfig-hardened-check -g ARM +coverage run -a --branch bin/kernel-hardening-checker -g X86_64 +coverage run -a --branch bin/kernel-hardening-checker -g X86_32 +coverage run -a --branch bin/kernel-hardening-checker -g ARM64 +coverage run -a --branch bin/kernel-hardening-checker -g ARM echo ">>>>> check the example kconfig files, cmdline, and sysctl <<<<<" cat /proc/cmdline @@ -51,103 +51,103 @@ for C in $KCONFIGS do COUNT=$(expr $COUNT + 1) echo "\n>>>>> checking kconfig number $COUNT <<<<<" - coverage run -a --branch bin/kconfig-hardened-check -c $C - coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose > /dev/null - coverage run -a --branch bin/kconfig-hardened-check -c $C -l /proc/cmdline - coverage run -a --branch bin/kconfig-hardened-check -c $C -s /tmp/sysctls - coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE - coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m verbose > /dev/null - coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m json - coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_ok - coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_fail + coverage run -a --branch bin/kernel-hardening-checker -c $C + coverage run -a --branch bin/kernel-hardening-checker -c $C -m verbose > /dev/null + coverage run -a --branch bin/kernel-hardening-checker -c $C -l /proc/cmdline + coverage run -a --branch bin/kernel-hardening-checker -c $C -s /tmp/sysctls + coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE + coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m verbose > /dev/null + coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m json + coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_ok + coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_fail done echo "\n>>>>> have checked $COUNT kconfigs <<<<<" echo ">>>>> check sysctl separately <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m verbose > /dev/null -coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m json -coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_ok -coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_fail +coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE +coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m verbose > /dev/null +coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m json +coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_ok +coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_fail echo "Collect coverage for error handling" echo ">>>>> -c and -p together <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -c kconfig_hardened_check/config_files/distros/fedora_34.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -c kernel_hardening_checker/config_files/distros/fedora_34.config && exit 1 echo ">>>>> -c and -g together <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -c kconfig_hardened_check/config_files/distros/fedora_34.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -c kernel_hardening_checker/config_files/distros/fedora_34.config && exit 1 echo ">>>>> -l without -c <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -l /proc/cmdline && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -l /proc/cmdline && exit 1 echo ">>>>> -s and -p together <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -s $SYSCTL_EXAMPLE && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -s $SYSCTL_EXAMPLE && exit 1 echo ">>>>> -s and -g together <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -s $SYSCTL_EXAMPLE && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -s $SYSCTL_EXAMPLE && exit 1 echo ">>>>> -p and -g together <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -g X86_64 && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -g X86_64 && exit 1 echo ">>>>> wrong modes for -p <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m show_ok && exit 1 -coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m show_fail && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m show_ok && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m show_fail && exit 1 echo ">>>>> wrong mode for -g <<<<<" -coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -m show_ok && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -m show_ok && exit 1 -cp kconfig_hardened_check/config_files/distros/fedora_34.config ./test.config +cp kernel_hardening_checker/config_files/distros/fedora_34.config ./test.config echo ">>>>> no kernel version <<<<<" sed '3d' test.config > error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> strange kernel version string <<<<<" sed '3 s/5./version 5./' test.config > error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> no arch <<<<<" sed '305d' test.config > error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> more than one arch <<<<<" cp test.config error.config echo 'CONFIG_ARM64=y' >> error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> invalid enabled kconfig option <<<<<" cp test.config error.config echo 'CONFIG_FOO=is not set' >> error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> one config option multiple times <<<<<" cp test.config error.config echo 'CONFIG_BUG=y' >> error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> invalid compiler versions <<<<<" cp test.config error.config sed '8 s/CONFIG_CLANG_VERSION=0/CONFIG_CLANG_VERSION=120000/' test.config > error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> unexpected line in the kconfig file <<<<<" cp test.config error.config echo 'some strange line' >> error.config -coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1 echo ">>>>> multi-line cmdline file <<<<<" echo 'hey man 1' > cmdline echo 'hey man 2' >> cmdline -coverage run -a --branch bin/kconfig-hardened-check -c test.config -l cmdline && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c test.config -l cmdline && exit 1 echo ">>>>> unexpected line in the sysctl file <<<<<" cp $SYSCTL_EXAMPLE error_sysctls echo 'some strange line' >> error_sysctls -coverage run -a --branch bin/kconfig-hardened-check -c test.config -s error_sysctls && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c test.config -s error_sysctls && exit 1 echo ">>>>> invalid sysctl file <<<<<" touch empty_file -coverage run -a --branch bin/kconfig-hardened-check -c test.config -s empty_file && exit 1 +coverage run -a --branch bin/kernel-hardening-checker -c test.config -s empty_file && exit 1 echo "The end of the functional tests" diff --git a/.github/workflows/functional_test.yml b/.github/workflows/functional_test.yml index 8441cc3..d8fe1db 100644 --- a/.github/workflows/functional_test.yml +++ b/.github/workflows/functional_test.yml @@ -29,9 +29,9 @@ jobs: run: | python -m pip install --upgrade pip echo "Install the package via pip..." - pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check + pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker echo "Run the installed tool..." - kconfig-hardened-check + kernel-hardening-checker - name: Check all configs with the installed tool run: | @@ -44,7 +44,7 @@ jobs: do COUNT=$(expr $COUNT + 1) echo -e "\n>>>>> checking kconfig number $COUNT <<<<<" - kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls + kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls done echo -e "\nHave checked $COUNT kconfigs" diff --git a/.woodpecker/engine_unit-test.yml b/.woodpecker/engine_unit-test.yml index 5c53f58..199b65b 100644 --- a/.woodpecker/engine_unit-test.yml +++ b/.woodpecker/engine_unit-test.yml @@ -8,6 +8,6 @@ steps: - python --version - pip install --no-cache-dir coverage - echo "Run unit-tests and collect coverage..." - - coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b + - coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b - echo "Show the coverage report..." - coverage report diff --git a/.woodpecker/functional_test.yml b/.woodpecker/functional_test.yml index b7d014f..17272f5 100644 --- a/.woodpecker/functional_test.yml +++ b/.woodpecker/functional_test.yml @@ -10,16 +10,16 @@ steps: - ls -la - python --version - echo "Install the package via pip..." - - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kconfig-hardened-check + - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kernel-hardening-checker - echo "Run the installed tool..." - - which kconfig-hardened-check - - kconfig-hardened-check + - which kernel-hardening-checker + - kernel-hardening-checker - echo "Check all configs with the installed tool..." - sysctl -a > /tmp/sysctls - CONFIG_DIR=`find /usr/local/lib/ -name config_files` - KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"` - COUNT=0 - - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls; done + - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls; done - echo "Have checked $COUNT kconfigs" functional-test-with-coverage: image: python:3 diff --git a/MANIFEST.in b/MANIFEST.in index aaaad0c..f5d3c86 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,3 +1,3 @@ include README.md include LICENSE.txt -recursive-include kconfig_hardened_check * +recursive-include kernel_hardening_checker * diff --git a/README.md b/README.md index f10ac37..93307f9 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ -# kconfig-hardened-check +# kernel-hardening-checker (formerly kconfig-hardened-check) -[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kconfig-hardened-check?label=release)](https://github.com/a13xp0p0v/kconfig-hardened-check/tags)
-[![functional test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/functional_test.yml) -[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)
-[![engine unit-test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/engine_unit-test.yml) -[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check) +[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kernel-hardening-checker?label=release)](https://github.com/a13xp0p0v/kernel-hardening-checker/tags)
+[![functional test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/functional_test.yml) +[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker)
+[![engine unit-test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/engine_unit-test.yml) +[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker) ## Motivation @@ -14,7 +14,7 @@ make our systems more secure. But nobody likes checking configs manually. So let the computers do their job! -__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel. It supports checking: +__kernel-hardening-checker__ is a tool for checking the security hardening options of the Linux kernel. It supports checking: - Kconfig options (compile-time) - Kernel cmdline arguments (boot-time) @@ -39,9 +39,9 @@ of its typical workload. ## Repositories - - Main at GitHub - - Mirror at Codeberg: - - Mirror at GitFlic: + - Main at GitHub + - Mirror at Codeberg: + - Mirror at GitFlic: ## Supported microarchitectures @@ -57,16 +57,16 @@ TODO: RISC-V (issue [#56][22]) You can install the package: ``` -pip install git+https://github.com/a13xp0p0v/kconfig-hardened-check +pip install git+https://github.com/a13xp0p0v/kernel-hardening-checker ``` -or simply run `./bin/kconfig-hardened-check` from the cloned repository. +or simply run `./bin/kernel-hardening-checker` from the cloned repository. -Some Linux distributions also provide `kconfig-hardened-check` as a package. +Some Linux distributions also provide `kernel-hardening-checker` as a package. ## Usage ``` -usage: kconfig-hardened-check [-h] [--version] [-m {verbose,json,show_ok,show_fail}] +usage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}] [-c CONFIG] [-l CMDLINE] [-s SYSCTL] [-p {X86_64,X86_32,ARM64,ARM}] [-g {X86_64,X86_32,ARM64,ARM}] @@ -110,14 +110,14 @@ CONFIG_DEVMEM |kconfig| is not set | kspp |cut_att ``` - `-m show_fail` for showing only the failed checks - `-m show_ok` for showing only the successful checks - - `-m json` for printing the results in JSON format (for combining `kconfig-hardened-check` with other tools) + - `-m json` for printing the results in JSON format (for combining `kernel-hardening-checker` with other tools) ## Example output for `Fedora 38` kernel configuration ``` -$ ./bin/kconfig-hardened-check -c kconfig_hardened_check/config_files/distros/fedora_38.config -l /proc/cmdline -s kconfig_hardened_check/config_files/distros/example_sysctls.txt -[+] Kconfig file to check: kconfig_hardened_check/config_files/distros/fedora_38.config +$ ./bin/kernel-hardening-checker -c kernel_hardening_checker/config_files/distros/fedora_38.config -l /proc/cmdline -s kernel_hardening_checker/config_files/distros/example_sysctls.txt +[+] Kconfig file to check: kernel_hardening_checker/config_files/distros/fedora_38.config [+] Kernel cmdline file to check: /proc/cmdline -[+] Sysctl output file to check: kconfig_hardened_check/config_files/distros/example_sysctls.txt +[+] Sysctl output file to check: kernel_hardening_checker/config_files/distros/example_sysctls.txt [+] Detected microarchitecture: X86_64 [+] Detected kernel version: 6.3 [+] Detected compiler: GCC 130101 @@ -374,7 +374,7 @@ With the `-g` argument, the tool generates a Kconfig fragment with the security This Kconfig fragment can be merged with the existing Linux kernel config: ``` -$ ./bin/kconfig-hardened-check -g X86_64 > /tmp/fragment +$ ./bin/kernel-hardening-checker -g X86_64 > /tmp/fragment $ cd ~/linux-src/ $ ./scripts/kconfig/merge_config.sh .config /tmp/fragment Using .config as base @@ -389,7 +389,7 @@ New value: CONFIG_BUG_ON_DATA_CORRUPTION=y __Q:__ How all these kernel parameters influence the Linux kernel security? -__A:__ To answer this question, you can use the `kconfig-hardened-check` [sources of recommendations][24] +__A:__ To answer this question, you can use the `kernel-hardening-checker` [sources of recommendations][24] and the [Linux Kernel Defence Map][4] with its references.
@@ -463,7 +463,7 @@ try to install `gcc-7-plugin-dev` package, it should help. [3]: https://grsecurity.net/ [4]: https://github.com/a13xp0p0v/linux-kernel-defence-map [5]: https://lwn.net/Articles/791863/ -[6]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38 +[6]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/38 [7]: https://github.com/BlackIkeEagle [8]: https://blog.herecura.eu/blog/2020-05-30-kconfig-hardening-tests/ [9]: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html @@ -472,13 +472,13 @@ try to install `gcc-7-plugin-dev` package, it should help. [12]: https://github.com/tych0 [13]: https://github.com/speed47/spectre-meltdown-checker [14]: https://github.com/speed47 -[15]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/53 -[16]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/54 -[17]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/62 +[15]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/53 +[16]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/54 +[17]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/62 [18]: https://cateee.net/lkddb/web-lkddb/ [19]: https://github.com/cateee/lkddb [20]: https://kernel.org/ -[21]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/66 -[22]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/56 -[23]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues?q=label%3Akernel_maintainer_feedback -[24]: https://github.com/a13xp0p0v/kconfig-hardened-check#motivation +[21]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/66 +[22]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56 +[23]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues?q=label%3Akernel_maintainer_feedback +[24]: https://github.com/a13xp0p0v/kernel-hardening-checker#motivation diff --git a/bin/kconfig-hardened-check b/bin/kernel-hardening-checker similarity index 81% rename from bin/kconfig-hardened-check rename to bin/kernel-hardening-checker index aad06b4..4c34ef0 100755 --- a/bin/kconfig-hardened-check +++ b/bin/kernel-hardening-checker @@ -10,6 +10,6 @@ current_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentfra parent_dir = os.path.dirname(current_dir) sys.path.insert(0, parent_dir) -import kconfig_hardened_check +import kernel_hardening_checker -kconfig_hardened_check.main() +kernel_hardening_checker.main() diff --git a/kconfig_hardened_check/__about__.py b/kernel_hardening_checker/__about__.py similarity index 100% rename from kconfig_hardened_check/__about__.py rename to kernel_hardening_checker/__about__.py diff --git a/kconfig_hardened_check/__init__.py b/kernel_hardening_checker/__init__.py similarity index 99% rename from kconfig_hardened_check/__init__.py rename to kernel_hardening_checker/__init__.py index 5a7ff7f..4d5aaca 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kernel_hardening_checker/__init__.py @@ -230,7 +230,7 @@ def main(): # * json mode for printing the results in JSON format report_modes = ['verbose', 'json', 'show_ok', 'show_fail'] supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM'] - parser = ArgumentParser(prog='kconfig-hardened-check', + parser = ArgumentParser(prog='kernel-hardening-checker', description='A tool for checking the security hardening options of the Linux kernel') parser.add_argument('--version', action='version', version='%(prog)s ' + __version__) parser.add_argument('-m', '--mode', choices=report_modes, diff --git a/kconfig_hardened_check/checks.py b/kernel_hardening_checker/checks.py similarity index 100% rename from kconfig_hardened_check/checks.py rename to kernel_hardening_checker/checks.py diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_4.20.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_4.20.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_4.20.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_4.20.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.0.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.0.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.0.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.0.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.10.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.10.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.10.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.10.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.14.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.14.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.14.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.14.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.14_clang.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.14_clang.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.14_clang.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.14_clang.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.17.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.17.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.17.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.17.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.17_clang.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.17_clang.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.17_clang.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.17_clang.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.4.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.4.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.4.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.4.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.5.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.5.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.5.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.5.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.7.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.7.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.7.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.7.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.9.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.9.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_5.9.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_5.9.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_6.1.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_6.1.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_6.1.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_6.1.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_6.1_clang.config b/kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_6.1_clang.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm64_defconfig_6.1_clang.config rename to kernel_hardening_checker/config_files/defconfigs/arm64_defconfig_6.1_clang.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_4.20.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_4.20.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_4.20.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_4.20.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.0.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.0.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.0.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.0.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.10.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.10.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.10.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.10.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.14.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.14.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.14.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.14.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.17.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.17.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.17.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.17.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.4.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.4.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.4.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.4.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.5.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.5.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.5.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.5.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.7.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.7.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.7.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.7.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.9.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.9.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_5.9.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_5.9.config diff --git a/kconfig_hardened_check/config_files/defconfigs/arm_defconfig_6.1.config b/kernel_hardening_checker/config_files/defconfigs/arm_defconfig_6.1.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/arm_defconfig_6.1.config rename to kernel_hardening_checker/config_files/defconfigs/arm_defconfig_6.1.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_4.20.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_4.20.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_4.20.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_4.20.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.0.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.0.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.0.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.0.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.10.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.10.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.10.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.10.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.14.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.14.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.14.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.14.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.17.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.17.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.17.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.17.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.4.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.4.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.4.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.4.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.5.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.5.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.5.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.5.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.7.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.7.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.7.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.7.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.9.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.9.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_5.9.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_5.9.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_6.1.config b/kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_6.1.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_32_defconfig_6.1.config rename to kernel_hardening_checker/config_files/defconfigs/x86_32_defconfig_6.1.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_4.20.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_4.20.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_4.20.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_4.20.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.0.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.0.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.0.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.0.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.10.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.10.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.10.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.10.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.14.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.14.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.14.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.14.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.17.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.17.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.17.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.17.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.4.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.4.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.4.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.4.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.5.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.5.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.5.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.5.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.7.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.7.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.7.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.7.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.9.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.9.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_5.9.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_5.9.config diff --git a/kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_6.1.config b/kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_6.1.config similarity index 100% rename from kconfig_hardened_check/config_files/defconfigs/x86_64_defconfig_6.1.config rename to kernel_hardening_checker/config_files/defconfigs/x86_64_defconfig_6.1.config diff --git a/kconfig_hardened_check/config_files/distros/Alpinelinux-edge.config b/kernel_hardening_checker/config_files/distros/Alpinelinux-edge.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/Alpinelinux-edge.config rename to kernel_hardening_checker/config_files/distros/Alpinelinux-edge.config diff --git a/kconfig_hardened_check/config_files/distros/AmazonLinux2.config b/kernel_hardening_checker/config_files/distros/AmazonLinux2.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/AmazonLinux2.config rename to kernel_hardening_checker/config_files/distros/AmazonLinux2.config diff --git a/kconfig_hardened_check/config_files/distros/Archlinux-hardened.config b/kernel_hardening_checker/config_files/distros/Archlinux-hardened.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/Archlinux-hardened.config rename to kernel_hardening_checker/config_files/distros/Archlinux-hardened.config diff --git a/kconfig_hardened_check/config_files/distros/SLE15.config b/kernel_hardening_checker/config_files/distros/SLE15.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/SLE15.config rename to kernel_hardening_checker/config_files/distros/SLE15.config diff --git a/kconfig_hardened_check/config_files/distros/android_gki_android13-5.10.config b/kernel_hardening_checker/config_files/distros/android_gki_android13-5.10.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/android_gki_android13-5.10.config rename to kernel_hardening_checker/config_files/distros/android_gki_android13-5.10.config diff --git a/kconfig_hardened_check/config_files/distros/android_pixel-3a.config b/kernel_hardening_checker/config_files/distros/android_pixel-3a.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/android_pixel-3a.config rename to kernel_hardening_checker/config_files/distros/android_pixel-3a.config diff --git a/kconfig_hardened_check/config_files/distros/android_pixel-7.config b/kernel_hardening_checker/config_files/distros/android_pixel-7.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/android_pixel-7.config rename to kernel_hardening_checker/config_files/distros/android_pixel-7.config diff --git a/kconfig_hardened_check/config_files/distros/android_samsung_s23.config b/kernel_hardening_checker/config_files/distros/android_samsung_s23.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/android_samsung_s23.config rename to kernel_hardening_checker/config_files/distros/android_samsung_s23.config diff --git a/kconfig_hardened_check/config_files/distros/cbl-mariner.config b/kernel_hardening_checker/config_files/distros/cbl-mariner.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/cbl-mariner.config rename to kernel_hardening_checker/config_files/distros/cbl-mariner.config diff --git a/kconfig_hardened_check/config_files/distros/clearlinux-master.config b/kernel_hardening_checker/config_files/distros/clearlinux-master.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/clearlinux-master.config rename to kernel_hardening_checker/config_files/distros/clearlinux-master.config diff --git a/kconfig_hardened_check/config_files/distros/clipos_kernel_doc.txt b/kernel_hardening_checker/config_files/distros/clipos_kernel_doc.txt similarity index 100% rename from kconfig_hardened_check/config_files/distros/clipos_kernel_doc.txt rename to kernel_hardening_checker/config_files/distros/clipos_kernel_doc.txt diff --git a/kconfig_hardened_check/config_files/distros/debian-buster.config b/kernel_hardening_checker/config_files/distros/debian-buster.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/debian-buster.config rename to kernel_hardening_checker/config_files/distros/debian-buster.config diff --git a/kconfig_hardened_check/config_files/distros/example_config.gz b/kernel_hardening_checker/config_files/distros/example_config.gz similarity index 100% rename from kconfig_hardened_check/config_files/distros/example_config.gz rename to kernel_hardening_checker/config_files/distros/example_config.gz diff --git a/kconfig_hardened_check/config_files/distros/example_sysctls.txt b/kernel_hardening_checker/config_files/distros/example_sysctls.txt similarity index 100% rename from kconfig_hardened_check/config_files/distros/example_sysctls.txt rename to kernel_hardening_checker/config_files/distros/example_sysctls.txt diff --git a/kconfig_hardened_check/config_files/distros/fedora_34.config b/kernel_hardening_checker/config_files/distros/fedora_34.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/fedora_34.config rename to kernel_hardening_checker/config_files/distros/fedora_34.config diff --git a/kconfig_hardened_check/config_files/distros/fedora_38.config b/kernel_hardening_checker/config_files/distros/fedora_38.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/fedora_38.config rename to kernel_hardening_checker/config_files/distros/fedora_38.config diff --git a/kconfig_hardened_check/config_files/distros/get-nixos-kconfig.nix b/kernel_hardening_checker/config_files/distros/get-nixos-kconfig.nix similarity index 100% rename from kconfig_hardened_check/config_files/distros/get-nixos-kconfig.nix rename to kernel_hardening_checker/config_files/distros/get-nixos-kconfig.nix diff --git a/kconfig_hardened_check/config_files/distros/nixpkgs-linux_hardened.config b/kernel_hardening_checker/config_files/distros/nixpkgs-linux_hardened.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/nixpkgs-linux_hardened.config rename to kernel_hardening_checker/config_files/distros/nixpkgs-linux_hardened.config diff --git a/kconfig_hardened_check/config_files/distros/nixpkgs-linux_latest.config b/kernel_hardening_checker/config_files/distros/nixpkgs-linux_latest.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/nixpkgs-linux_latest.config rename to kernel_hardening_checker/config_files/distros/nixpkgs-linux_latest.config diff --git a/kconfig_hardened_check/config_files/distros/nixpkgs-linux_lts.config b/kernel_hardening_checker/config_files/distros/nixpkgs-linux_lts.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/nixpkgs-linux_lts.config rename to kernel_hardening_checker/config_files/distros/nixpkgs-linux_lts.config diff --git a/kconfig_hardened_check/config_files/distros/openSUSE-15.1.config b/kernel_hardening_checker/config_files/distros/openSUSE-15.1.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/openSUSE-15.1.config rename to kernel_hardening_checker/config_files/distros/openSUSE-15.1.config diff --git a/kconfig_hardened_check/config_files/distros/oracle-uek6.config b/kernel_hardening_checker/config_files/distros/oracle-uek6.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/oracle-uek6.config rename to kernel_hardening_checker/config_files/distros/oracle-uek6.config diff --git a/kconfig_hardened_check/config_files/distros/pentoo-livecd.config b/kernel_hardening_checker/config_files/distros/pentoo-livecd.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/pentoo-livecd.config rename to kernel_hardening_checker/config_files/distros/pentoo-livecd.config diff --git a/kconfig_hardened_check/config_files/distros/rhel-8.0.config b/kernel_hardening_checker/config_files/distros/rhel-8.0.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/rhel-8.0.config rename to kernel_hardening_checker/config_files/distros/rhel-8.0.config diff --git a/kconfig_hardened_check/config_files/distros/ubuntu-focal.config b/kernel_hardening_checker/config_files/distros/ubuntu-focal.config similarity index 100% rename from kconfig_hardened_check/config_files/distros/ubuntu-focal.config rename to kernel_hardening_checker/config_files/distros/ubuntu-focal.config diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt similarity index 100% rename from kconfig_hardened_check/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt rename to kernel_hardening_checker/config_files/kspp-recommendations/kspp-cmdline-x86-64.txt diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-arm.config b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-arm.config similarity index 100% rename from kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-arm.config rename to kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-arm.config diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-arm64.config b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-arm64.config similarity index 100% rename from kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-arm64.config rename to kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-arm64.config diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-x86-32.config b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-x86-32.config similarity index 100% rename from kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-x86-32.config rename to kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-x86-32.config diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-x86-64.config b/kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-x86-64.config similarity index 100% rename from kconfig_hardened_check/config_files/kspp-recommendations/kspp-kconfig-x86-64.config rename to kernel_hardening_checker/config_files/kspp-recommendations/kspp-kconfig-x86-64.config diff --git a/kconfig_hardened_check/config_files/links.txt b/kernel_hardening_checker/config_files/links.txt similarity index 100% rename from kconfig_hardened_check/config_files/links.txt rename to kernel_hardening_checker/config_files/links.txt diff --git a/kconfig_hardened_check/engine.py b/kernel_hardening_checker/engine.py similarity index 100% rename from kconfig_hardened_check/engine.py rename to kernel_hardening_checker/engine.py diff --git a/kconfig_hardened_check/test_engine.py b/kernel_hardening_checker/test_engine.py similarity index 99% rename from kconfig_hardened_check/test_engine.py rename to kernel_hardening_checker/test_engine.py index e3c1c0d..8a9cbf7 100644 --- a/kconfig_hardened_check/test_engine.py +++ b/kernel_hardening_checker/test_engine.py @@ -5,7 +5,7 @@ This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov -This module performs unit-testing of the kconfig-hardened-check engine. +This module performs unit-testing of the kernel-hardening-checker engine. """ # pylint: disable=missing-function-docstring,line-too-long diff --git a/setup.cfg b/setup.cfg index 1cc8b64..953b045 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,8 +1,8 @@ [metadata] -name = kconfig-hardened-check +name = kernel-hardening-checker author = Alexander Popov author_email = alex.popov@linux.com -home_page = https://github.com/a13xp0p0v/kconfig-hardened-check +home_page = https://github.com/a13xp0p0v/kernel-hardening-checker description = A tool for checking the security hardening options of the Linux kernel long_description = file: README.md license = GNU General Public License v3 (GPLv3) @@ -18,14 +18,14 @@ classifiers = [options] setup_requires = setuptools packages = - kconfig_hardened_check - kconfig_hardened_check.config_files - kconfig_hardened_check.config_files.defconfigs - kconfig_hardened_check.config_files.distros - kconfig_hardened_check.config_files.kspp-recommendations + kernel_hardening_checker + kernel_hardening_checker.config_files + kernel_hardening_checker.config_files.defconfigs + kernel_hardening_checker.config_files.distros + kernel_hardening_checker.config_files.kspp-recommendations include_package_data = true [options.entry_points] console_scripts = - kconfig-hardened-check = kconfig_hardened_check:main + kernel-hardening-checker = kernel_hardening_checker:main diff --git a/setup.py b/setup.py index 8197fab..cb776f4 100755 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ from setuptools import setup about = {} -with open("kconfig_hardened_check/__about__.py") as f: +with open("kernel_hardening_checker/__about__.py") as f: exec(f.read(), about) print('v: "{}"'.format(about['__version__'])) -- 2.31.1