From 6d4cb6735da262ca843aee129147ce295d5fb12b Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 17 Jul 2023 00:06:11 +0300 Subject: [PATCH] Implement parse_sysctl_file() Refers to #65 --- kconfig_hardened_check/__init__.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index a98fbe8..143da1d 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -200,7 +200,26 @@ def parse_cmdline_file(parsed_options, fname): def parse_sysctl_file(parsed_options, fname): - print('parse_sysctl_file: TODO') + with open(fname, 'r', encoding='utf-8') as f: + sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$") + for line in f.readlines(): + line = line.strip() + if not sysctl_pattern.match(line): + sys.exit(f'[!] ERROR: unexpected line in sysctl file: {line}') + option, value = line.split('=', 1) + option = option.strip() + value = value.strip() + # sysctl options may be found multiple times, let's save the last value: + parsed_options[option] = value + + # let's check the presence of some ancient sysctl option + # to ensure that we are parsing the output of `sudo sysctl -a > file` + if 'kernel.printk' not in parsed_options: + sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`') + + # let's check the presence of a sysctl option available for root + if 'net.core.bpf_jit_harden' not in parsed_options: + print(f'[!] WARNING: sysctl option "net.core.bpf_jit_harden" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`') def main(): -- 2.31.1