projects
/
kconfig-hardened-check.git
/ shortlog
commit
grep
author
committer
pickaxe
?
search:
re
summary
| shortlog |
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
kconfig-hardened-check.git
2023-12-02
Alexander Popov
Keep the recommendation to disable kernel modules
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-12-02
Alexander Popov
Add a comment about 'kernel.modules_disabled'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-12-02
Alexander Popov
add --kernel-version option (#94)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-12-01
Fabrice Fontaine
add --kernel-version option
94/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-18
Alexander Popov
Fix the reason for the 'kernel.yama.ptrace_scope' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add kspp-recommendations/kspp-sysctl.txt
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Fix the reason for the nosmt check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Update kspp-cmdline-x86-64.txt
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'dev.tty.legacy_tiocsti' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'kernel.randomize_va_space' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'fs.suid_dumpable' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Change the reason of the COREDUMP check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'fs.protected_regular' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'fs.protected_fifos' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'fs.protected_hardlinks' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'fs.protected_symlinks' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'vm.unprivileged_userfaultfd' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'kernel.yama.ptrace_scope' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Add the 'kernel.kptr_restrict' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
Improve the slab_common.usercopy_fallback check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-17
Alexander Popov
hardened_usercopy=1 is now officially recommended by...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-16
Alexander Popov
Enabling page_alloc.shuffle is now recommended by KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-16
Alexander Popov
'mitigations=auto,nosmt' is now recommended by KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-16
Alexander Popov
Disabling X86_VSYSCALL_EMULATION is now recommended...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-16
Alexander Popov
Use /usr/bin/env in shebangs (#90)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-05
Sandro Jäckel
Use /usr/bin/env in shebangs
90/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-10-04
Alexander Popov
Drop ZERO_CALL_USED_REGS in favour of backward-edge CFI
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-18
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-18
Alexander Popov
Refactor the assertion in colorize_result() to improve...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
Update the backup in issues.md
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
Rename kconfig-hardened-check into kernel-hardening...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
Renaming fixes
renaming
85/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
Drop default.nix (it contains a wrong utility name...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
kconfig-hardened-check -> kernel-hardening-checker
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
test_engine: add test_complex_nested()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-17
Alexander Popov
test_engine: improve the output
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-16
Alexander Popov
test_engine: improve the test_stdout()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-16
Alexander Popov
test_engine: refactor test_complex_or() and test_comple...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-13
Alexander Popov
Don't remove ANSI colors, adapt the testcases instead
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-13
Alexander Popov
Add colors to output (#86)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-12
Frak
Adjust test scripts to scrub ANSI colors from output
86/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-11
Frak
Fix pylints and verbose/None case
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-10
Frak
fix typo
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-10
Frak
cleanup spaces
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-09
Frak
cleanup
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-09
Frak
re-factoring
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-09
Frak
Add colors for OK and FAIL cases
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-09-03
Alexander Popov
Fix arch conditions for some CmdlineChecks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-28
Alexander Popov
Make the functional tests more informative
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-28
Alexander Popov
Test more wrong combinations of options
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-28
Alexander Popov
Test checking sysctl separately
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-27
Alexander Popov
Support separate sysctl checking (without kconfig)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Improve coverage of the functional test a bit
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Clean .gitignore
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Show git information in the functional test
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Test an invalid sysctl file
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Test an unexpected line in the sysctl file
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Test an unexpected line in the Kconfig file
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Drop `if __name__ == "__main__"` from ./bin/kconfig...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Turn the warning about unexpected line in Kconfig file...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-14
Alexander Popov
Update the README (add the --sysctl mode)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Add the Kconfig file of Fedora 38
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Use example_sysctls.txt in the functional test
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Add an example sysctl output file
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Add the / symbol to the sysctl parsing pattern
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Add --sysctl to functional testing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Improve checking the combinations of flags in the funct...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Fix syntax to run on the Woodpecker 1.0.0 CI (part II)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Fix syntax to run on the Woodpecker 1.0.0 CI
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Report that --print and --generate can't be used together
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-08-13
Alexander Popov
Enable sysctl checking
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the kernel.unprivileged_bpf_disabled sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the dev.tty.ldisc_autoload sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the user.max_user_namespaces sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the kernel.kexec_load_disabled sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the kernel.perf_event_paranoid sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the kernel.dmesg_restrict sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
Check the net.core.bpf_jit_harden sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
test_engine: use SysctlCheck in test_value_overriding()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
test_engine: use SysctlCheck in test_stdout()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
test_engine: implement test_simple_sysctl()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-23
Alexander Popov
test_engine: support SysctlCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-22
Alexander Popov
Refactor populate_opt_with_data()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-16
Alexander Popov
Mute warnings in the JSON mode and improve wording
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-16
Alexander Popov
Implement parse_sysctl_file()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-15
Alexander Popov
Drop an obsolete error handling test
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-15
Alexander Popov
Fix the bug in the functional tests
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-15
Alexander Popov
Emit WARNING for the cmdline options that exist multipl...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-15
Alexander Popov
Precise the Kconfig parsing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-12
Alexander Popov
Get rid of useless regular expressions in detect_compiler()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-12
Alexander Popov
Precise the regular expressions in detect_arch() and...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-12
Alexander Popov
Show error if some cmdline option exists multiple times
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-08
Alexander Popov
Add the basic infrastructure for checking sysctl
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-08
Alexander Popov
Introduce the SysctlCheck class
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-04
Alexander Popov
Check disabling XFS_SUPPORT_V4 for cutting attack surface
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-07-02
Alexander Popov
Print the microarchitecture in --generate mode
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-06-25
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-06-25
Alexander Popov
Add the info about /proc/cmdline to the usage help
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-06-18
Alexander Popov
setup: fix "The license_file parameter is deprecated"
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2023-06-18
Alexander Popov
setup: Don't use the automatic "find_namespace:" discovery
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
next