projects
/
kconfig-hardened-check.git
/ shortlog
commit
grep
author
committer
pickaxe
?
search:
re
summary
| shortlog |
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
kconfig-hardened-check.git
2020-03-24
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-24
Alexander Popov
CLIP OS recommends disabling Intel TSX
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-24
Alexander Popov
Small syctl cleanup
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-23
Alexander Popov
Merge pull request #34 from madaidan/grapheneos
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-22
madaidan
GrapheneOS is the continuation of CopperheadOS
34/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-20
Alexander Popov
CopperheadOS disables the kernel's CONFIG_AIO feature
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-20
Alexander Popov
KSPP now recommends PAGE_TABLE_ISOLATION for X86_32
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-20
Alexander Popov
Update KSPP recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
INTEL_IOMMU is available for X86_32
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
Move VMSPLIT_3G to 'userspace_hardening'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
Style fix
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
IOMMU_SUPPORT is needed for all architectures
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
SECURITY_WRITABLE_HOOKS and SECURITY_SELINUX_DISABLE...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
Add CLIP OS recommendation about X86_CPUID
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
Fix RANDOM_TRUST_BOOTLOADER check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
LOCKDOWN update - part II
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
LOCKDOWN update - part I
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-18
Alexander Popov
Don't restrict arch for "is not set" checks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-17
Alexander Popov
SECURITY_LOCKDOWN_LSM is recommended by CLIP OS
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-08
Alexander Popov
Add CONFIG_INTEGRITY for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-08
Alexander Popov
Fix the comments
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-08
Alexander Popov
Don't show all checks from all supported platforms...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-07
Alexander Popov
Improve 'dunno' report in debug_mode
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Add SECURITY_LOADPIN_ENFORCE check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Update CLIP OS kernel security documentation
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Add CLIP OS recommendation about CONFIG_STAGING
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Add CLIP OS recommendation about CONFIG_RANDOM_TRUST_BO...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Improve debug_mode a lot
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Improve the table header
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-06
Alexander Popov
Drop unused OptCheck printing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Update 'decision' for new KSPP recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Update KSPP recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
LDISC_AUTOLOAD can be disabled since v5.1
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
REFCOUNT_FULL is enabled by default since v5.5
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Add kernel version checks for complex checks with logic...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Add kernel version detection
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-05
Alexander Popov
Simplify perform_checks()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
Fix versions in KSPP recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
Fix the name for ClearLinux config
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
STACKPROTECTOR_PER_TASK is now default for ARM
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
SECURITY_WRITABLE_HOOKS is not disabled by default
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
Include GCC_PLUGINS to defconfig
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-03-04
Alexander Popov
Update defconfigs (v5.5)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-27
Alexander Popov
Merge branch 'config-updates-from-hackurx'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-26
Loïc
Update of the kconfig-hardened-check.py part
31/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-26
Loïc
Add link for clearlinux
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-26
Loïc
Add clearlinux-master
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.3.0-28-generic (LTS HWE)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Remove debian-stretch.config
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Add link for amazonlinux2
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 4.14.165-133.209.amzn2.x86_64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.4.21
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to openSUSE-15.1
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.3.16 (SLE15-SP2)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to SLE15-SP2 and openSUSE-15.1
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.4.21
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.5.5-pentoo
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update of some links
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 5.4.1 (uek6)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to 4.18.0-147.5.1.el8_1.x86_64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-02-24
Loïc
Update to config-4.19.0-8-amd64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-01-14
Alexander Popov
Fix INIT_ON_FREE_DEFAULT_ON vs PAGE_POISONING issue #28
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-01-14
Alexander Popov
Answer the question about CONFIG_PANIC_ON_OOPS
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-01-11
Alexander Popov
Recommend disabling VIDEO_VIVID
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2020-01-10
Alexander Popov
Take some ideas from NixOS/nixpkgs hardened kernel...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-12-02
Alexander Popov
Pretty printing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-29
Alexander Popov
Version 0.5.3 (supports Linux kernel v5.3)
v0.5.3
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-29
Alexander Popov
Add the link to Linux Kernel Defence Map
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-29
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-29
Alexander Popov
Update defconfigs
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-29
Alexander Popov
RANDOMIZE_BASE is now enabled by default on arm64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
x86_32: INTEL_IOMMU is not enabled by default - fix...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
X86_INTEL_UMIP is now X86_UMIP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
x86_64: more hardening options are enabled by default...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Improve the list of the kernel parameters in TODO
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add CLIP OS links
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Update the column width
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Some of my recommendations are used by CLIP OS, change...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Don't recommend disabling IKCONFIG anymore
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Save more hardening sysctls for TODO
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Update CLIP OS doc
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Group security policies together
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add INIT_ON_ALLOC_DEFAULT_ON and INIT_ON_FREE_DEFAULT_O...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add RODATA_FULL_DEFAULT_ENABLED for ARM64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add info about Debian and AOSP kernel configs to links.txt
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add Debian Buster kernel config
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-11-28
Alexander Popov
Add AOSP kernel config for Pixel 3a
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-23
Alexander Popov
Introduce the versioning
v0.5.2
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-23
Alexander Popov
Update the script output in the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-23
Alexander Popov
Add HARDEN_BRANCH_PREDICTOR and HARDEN_EL2_VECTORS
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-23
Alexander Popov
Bring more order to the offsets (style fix)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-22
Alexander Popov
Add INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRU...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-22
Alexander Popov
Add SHUFFLE_PAGE_ALLOCATOR from v5.2
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-08-22
Alexander Popov
Add some new sysctls (to remember them)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-07-08
Alexander Popov
Merge pull request #22 from adrianopol/master
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-07-07
Andrew Petelin
#20 fix: use right quotes in json output
22/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-06-24
Alexander Popov
Do code refactoring without changing the functionality
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2019-06-24
Alexander Popov
Merge branch 'json-support'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
next