kconfig-hardened-check.git
2023-12-01 Fabrice Fontaineadd --kernel-version option 94/head
2023-10-18 Alexander PopovFix the reason for the 'kernel.yama.ptrace_scope' check
2023-10-17 Alexander PopovAdd kspp-recommendations/kspp-sysctl.txt
2023-10-17 Alexander PopovFix the reason for the nosmt check
2023-10-17 Alexander PopovUpdate kspp-cmdline-x86-64.txt
2023-10-17 Alexander PopovAdd the 'dev.tty.legacy_tiocsti' check
2023-10-17 Alexander PopovAdd the 'kernel.randomize_va_space' check
2023-10-17 Alexander PopovAdd the 'fs.suid_dumpable' check
2023-10-17 Alexander PopovChange the reason of the COREDUMP check
2023-10-17 Alexander PopovAdd the 'fs.protected_regular' check
2023-10-17 Alexander PopovAdd the 'fs.protected_fifos' check
2023-10-17 Alexander PopovAdd the 'fs.protected_hardlinks' check
2023-10-17 Alexander PopovAdd the 'fs.protected_symlinks' check
2023-10-17 Alexander PopovAdd the 'vm.unprivileged_userfaultfd' check
2023-10-17 Alexander PopovAdd the 'kernel.yama.ptrace_scope' check
2023-10-17 Alexander PopovAdd the 'kernel.kptr_restrict' check
2023-10-17 Alexander PopovImprove the slab_common.usercopy_fallback check
2023-10-17 Alexander Popovhardened_usercopy=1 is now officially recommended by...
2023-10-16 Alexander PopovEnabling page_alloc.shuffle is now recommended by KSPP
2023-10-16 Alexander Popov'mitigations=auto,nosmt' is now recommended by KSPP
2023-10-16 Alexander PopovDisabling X86_VSYSCALL_EMULATION is now recommended...
2023-10-16 Alexander PopovUse /usr/bin/env in shebangs (#90)
2023-10-05 Sandro JäckelUse /usr/bin/env in shebangs 90/head
2023-10-04 Alexander PopovDrop ZERO_CALL_USED_REGS in favour of backward-edge CFI
2023-09-18 Alexander PopovUpdate the README
2023-09-18 Alexander PopovRefactor the assertion in colorize_result() to improve...
2023-09-17 Alexander PopovUpdate the backup in issues.md
2023-09-17 Alexander PopovRename kconfig-hardened-check into kernel-hardening...
2023-09-17 Alexander PopovRenaming fixes renaming 85/head
2023-09-17 Alexander PopovDrop default.nix (it contains a wrong utility name...
2023-09-17 Alexander Popovkconfig-hardened-check -> kernel-hardening-checker
2023-09-17 Alexander Popovtest_engine: add test_complex_nested()
2023-09-17 Alexander Popovtest_engine: improve the output
2023-09-16 Alexander Popovtest_engine: improve the test_stdout()
2023-09-16 Alexander Popovtest_engine: refactor test_complex_or() and test_comple...
2023-09-13 Alexander PopovDon't remove ANSI colors, adapt the testcases instead
2023-09-13 Alexander PopovAdd colors to output (#86)
2023-09-12 FrakAdjust test scripts to scrub ANSI colors from output 86/head
2023-09-11 FrakFix pylints and verbose/None case
2023-09-10 Frakfix typo
2023-09-10 Frakcleanup spaces
2023-09-09 Frakcleanup
2023-09-09 Frakre-factoring
2023-09-09 FrakAdd colors for OK and FAIL cases
2023-09-03 Alexander PopovFix arch conditions for some CmdlineChecks
2023-08-28 Alexander PopovMake the functional tests more informative
2023-08-28 Alexander PopovTest more wrong combinations of options
2023-08-28 Alexander PopovTest checking sysctl separately
2023-08-27 Alexander PopovSupport separate sysctl checking (without kconfig)
2023-08-14 Alexander PopovImprove coverage of the functional test a bit
2023-08-14 Alexander PopovClean .gitignore
2023-08-14 Alexander PopovShow git information in the functional test
2023-08-14 Alexander PopovTest an invalid sysctl file
2023-08-14 Alexander PopovTest an unexpected line in the sysctl file
2023-08-14 Alexander PopovTest an unexpected line in the Kconfig file
2023-08-14 Alexander PopovDrop `if __name__ == "__main__"` from ./bin/kconfig...
2023-08-14 Alexander PopovTurn the warning about unexpected line in Kconfig file...
2023-08-14 Alexander PopovUpdate the README (add the --sysctl mode)
2023-08-13 Alexander PopovAdd the Kconfig file of Fedora 38
2023-08-13 Alexander PopovUse example_sysctls.txt in the functional test
2023-08-13 Alexander PopovAdd an example sysctl output file
2023-08-13 Alexander PopovAdd the / symbol to the sysctl parsing pattern
2023-08-13 Alexander PopovAdd --sysctl to functional testing
2023-08-13 Alexander PopovImprove checking the combinations of flags in the funct...
2023-08-13 Alexander PopovFix syntax to run on the Woodpecker 1.0.0 CI (part II)
2023-08-13 Alexander PopovFix syntax to run on the Woodpecker 1.0.0 CI
2023-08-13 Alexander PopovReport that --print and --generate can't be used together
2023-08-13 Alexander PopovEnable sysctl checking
2023-07-23 Alexander PopovCheck the kernel.unprivileged_bpf_disabled sysctl
2023-07-23 Alexander PopovCheck the dev.tty.ldisc_autoload sysctl
2023-07-23 Alexander PopovCheck the user.max_user_namespaces sysctl
2023-07-23 Alexander PopovCheck the kernel.kexec_load_disabled sysctl
2023-07-23 Alexander PopovCheck the kernel.perf_event_paranoid sysctl
2023-07-23 Alexander PopovCheck the kernel.dmesg_restrict sysctl
2023-07-23 Alexander PopovCheck the net.core.bpf_jit_harden sysctl
2023-07-23 Alexander Popovtest_engine: use SysctlCheck in test_value_overriding()
2023-07-23 Alexander Popovtest_engine: use SysctlCheck in test_stdout()
2023-07-23 Alexander Popovtest_engine: implement test_simple_sysctl()
2023-07-23 Alexander Popovtest_engine: support SysctlCheck
2023-07-22 Alexander PopovRefactor populate_opt_with_data()
2023-07-16 Alexander PopovMute warnings in the JSON mode and improve wording
2023-07-16 Alexander PopovImplement parse_sysctl_file()
2023-07-15 Alexander PopovDrop an obsolete error handling test
2023-07-15 Alexander PopovFix the bug in the functional tests
2023-07-15 Alexander PopovEmit WARNING for the cmdline options that exist multipl...
2023-07-15 Alexander PopovPrecise the Kconfig parsing
2023-07-12 Alexander PopovGet rid of useless regular expressions in detect_compiler()
2023-07-12 Alexander PopovPrecise the regular expressions in detect_arch() and...
2023-07-12 Alexander PopovShow error if some cmdline option exists multiple times
2023-07-08 Alexander PopovAdd the basic infrastructure for checking sysctl
2023-07-08 Alexander PopovIntroduce the SysctlCheck class
2023-07-04 Alexander PopovCheck disabling XFS_SUPPORT_V4 for cutting attack surface
2023-07-02 Alexander PopovPrint the microarchitecture in --generate mode
2023-06-25 Alexander PopovUpdate the README
2023-06-25 Alexander PopovAdd the info about /proc/cmdline to the usage help
2023-06-18 Alexander Popovsetup: fix "The license_file parameter is deprecated"
2023-06-18 Alexander Popovsetup: Don't use the automatic "find_namespace:" discovery
2023-06-18 Alexander Popovsetup: Fix the warning "Package would be ignored"
2023-06-18 Alexander Popovsetup: Drop obsolete zip_safe flag
2023-06-17 Alexander PopovMove the draft of the security hardening sysctls to...
next