Implement parse_sysctl_file()

Refers to #65

Implement parse_sysctl_file()
Refers to #65
6d4cb673 · Alexander Popov · 48471f9c · 6d4cb673
Commit 6d4cb673 authored Jul 17, 2023 by Alexander Popov
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 1 deletions

__init__.py kconfig_hardened_check/__init__.py +20 -1

No files found.
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -200,7 +200,26 @@ def parse_cmdline_file(parsed_options, fname):


 def parse_sysctl_file(parsed_options, fname):
-    print('parse_sysctl_file: TODO')
+    with open(fname, 'r', encoding='utf-8') as f:
+        sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$")
+        for line in f.readlines():
+            line = line.strip()
+            if not sysctl_pattern.match(line):
+                sys.exit(f'[!] ERROR: unexpected line in sysctl file: {line}')
+            option, value = line.split('=', 1)
+            option = option.strip()
+            value = value.strip()
+            # sysctl options may be found multiple times, let's save the last value:
+            parsed_options[option] = value
+
+    # let's check the presence of some ancient sysctl option
+    # to ensure that we are parsing the output of `sudo sysctl -a > file`
+    if 'kernel.printk' not in parsed_options:
+        sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
+
+    # let's check the presence of a sysctl option available for root
+    if 'net.core.bpf_jit_harden' not in parsed_options:
+        print(f'[!] WARNING: sysctl option "net.core.bpf_jit_harden" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')


 def main():