From db71a9e236bfca77e717aa6c680cbed479a32ca7 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 12 Jun 2023 16:26:12 +0300 Subject: [PATCH] Improve the comments and README (part II) --- README.md | 12 +++++++----- kconfig_hardened_check/__init__.py | 12 ++++++------ 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index e00cb0a..dbdc1f3 100644 --- a/README.md +++ b/README.md @@ -63,8 +63,8 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package. ## Usage ``` -usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE] - [-m {verbose,json,show_ok,show_fail}] +usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] + [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}] A tool for checking the security hardening options of the Linux kernel @@ -72,11 +72,13 @@ options: -h, --help show this help message and exit --version show program's version number and exit -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM} - print security hardening options for the selected architecture + print the security hardening recommendations for the selected + microarchitecture -c CONFIG, --config CONFIG - check security hardening options in the kernel kconfig file (also supports *.gz files) + check the security hardening options in the kernel kconfig file (also + supports *.gz files) -l CMDLINE, --cmdline CMDLINE - check security hardening options in the kernel cmdline file + check the security hardening options in the kernel cmdline file -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail} choose the report mode ``` diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 086e21e..b598357 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -40,9 +40,9 @@ def detect_arch(fname, archs): if arch is None: arch = option else: - return None, 'more than one supported architecture is detected' + return None, 'more than one supported microarchitecture is detected' if arch is None: - return None, 'failed to detect architecture' + return None, 'failed to detect microarchitecture' return arch, 'OK' @@ -209,11 +209,11 @@ def main(): description='A tool for checking the security hardening options of the Linux kernel') parser.add_argument('--version', action='version', version='%(prog)s ' + __version__) parser.add_argument('-p', '--print', choices=supported_archs, - help='print security hardening options for the selected architecture') + help='print the security hardening recommendations for the selected microarchitecture') parser.add_argument('-c', '--config', - help='check security hardening options in the kernel kconfig file (also supports *.gz files)') + help='check the security hardening options in the kernel kconfig file (also supports *.gz files)') parser.add_argument('-l', '--cmdline', - help='check security hardening options in the kernel cmdline file') + help='check the security hardening options in the kernel cmdline file') parser.add_argument('-m', '--mode', choices=report_modes, help='choose the report mode') args = parser.parse_args() @@ -239,7 +239,7 @@ def main(): if arch is None: sys.exit(f'[!] ERROR: {msg}') if mode != 'json': - print(f'[+] Detected architecture: {arch}') + print(f'[+] Detected microarchitecture: {arch}') kernel_version, msg = detect_kernel_version(args.config) if kernel_version is None: -- 2.31.1