Rename kconfig-hardened-check into kernel-hardening-checker (#85)

**kconfig-hardened-check** is a tool for checking the security hardening
options of the Linux kernel.

In addition to Kconfig options, it now can check kernel cmdline
arguments and sysctl parameters.

It's time to give this project a new name that describes it better:
**kernel-hardening-checker**.

.github/workflows/engine_unit-test.yml

@@ -34,7 +34,7 @@ jobs:
 
     - name: Run unit-tests and collect coverage
       run: |
-        coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b
+        coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b
         coverage xml -i -o coverage_unittest.xml
 
     - name: Handle coverage

.github/workflows/functional_test.yml

@@ -29,9 +29,9 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         echo "Install the package via pip..."
-        pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check
+        pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker
         echo "Run the installed tool..."
-        kconfig-hardened-check
+        kernel-hardening-checker
 
     - name: Check all configs with the installed tool
       run: |
@@ -44,7 +44,7 @@ jobs:
         do
                 COUNT=$(expr $COUNT + 1)
                 echo -e "\n>>>>> checking kconfig number $COUNT <<<<<"
-                kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls
+                kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls
         done
         echo -e "\nHave checked $COUNT kconfigs"
 

.woodpecker/engine_unit-test.yml

@@ -8,6 +8,6 @@ steps:
       - python --version
       - pip install --no-cache-dir coverage
       - echo "Run unit-tests and collect coverage..."
-      - coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b
+      - coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b
       - echo "Show the coverage report..."
       - coverage report

.woodpecker/functional_test.yml

@@ -10,16 +10,16 @@ steps:
       - ls -la
       - python --version
       - echo "Install the package via pip..."
-      - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kconfig-hardened-check
+      - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kernel-hardening-checker
       - echo "Run the installed tool..."
-      - which kconfig-hardened-check
-      - kconfig-hardened-check
+      - which kernel-hardening-checker
+      - kernel-hardening-checker
       - echo "Check all configs with the installed tool..."
       - sysctl -a > /tmp/sysctls
       - CONFIG_DIR=`find /usr/local/lib/ -name config_files`
       - KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
       - COUNT=0
-      - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls; done
+      - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls; done
       - echo "Have checked $COUNT kconfigs"
   functional-test-with-coverage:
     image: python:3

MANIFEST.in

 include README.md
 include LICENSE.txt
-recursive-include kconfig_hardened_check *
+recursive-include kernel_hardening_checker *

README.md

-# kconfig-hardened-check
+# kernel-hardening-checker
 
-[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kconfig-hardened-check?label=release)](https://github.com/a13xp0p0v/kconfig-hardened-check/tags)<br />
-[![functional test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/functional_test.yml)
-[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)<br />
-[![engine unit-test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/engine_unit-test.yml)
-[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)
+__(formerly kconfig-hardened-check)__<br />
+[![functional test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/functional_test.yml)
+[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker)<br />
+[![engine unit-test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/engine_unit-test.yml)
+[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker)<br />
+[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kernel-hardening-checker?label=release)](https://github.com/a13xp0p0v/kernel-hardening-checker/tags)
 
 ## Motivation
 
@@ -14,7 +15,7 @@ make our systems more secure.
 
 But nobody likes checking configs manually. So let the computers do their job!
 
-__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel. It supports checking:
+__kernel-hardening-checker__ (formerly __kconfig-hardened-check__) is a tool for checking the security hardening options of the Linux kernel. It supports checking:
 
   - Kconfig options (compile-time)
   - Kernel cmdline arguments (boot-time)
@@ -39,9 +40,9 @@ of its typical workload.
 
 ## Repositories
 
- - Main at GitHub <https://github.com/a13xp0p0v/kconfig-hardened-check>
- - Mirror at Codeberg: <https://codeberg.org/a13xp0p0v/kconfig-hardened-check>
- - Mirror at GitFlic: <https://gitflic.ru/project/a13xp0p0v/kconfig-hardened-check>
+ - Main at GitHub <https://github.com/a13xp0p0v/kernel-hardening-checker>
+ - Mirror at Codeberg: <https://codeberg.org/a13xp0p0v/kernel-hardening-checker>
+ - Mirror at GitFlic: <https://gitflic.ru/project/a13xp0p0v/kernel-hardening-checker>
 
 ## Supported microarchitectures
 
@@ -57,16 +58,16 @@ TODO: RISC-V (issue [#56][22])
 You can install the package:
 
 ```
-pip install git+https://github.com/a13xp0p0v/kconfig-hardened-check
+pip install git+https://github.com/a13xp0p0v/kernel-hardening-checker
 ```
 
-or simply run `./bin/kconfig-hardened-check` from the cloned repository.
+or simply run `./bin/kernel-hardening-checker` from the cloned repository.
 
-Some Linux distributions also provide `kconfig-hardened-check` as a package.
+Some Linux distributions also provide `kernel-hardening-checker` as a package.
 
 ## Usage
 ```
-usage: kconfig-hardened-check [-h] [--version] [-m {verbose,json,show_ok,show_fail}]
+usage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}]
                               [-c CONFIG] [-l CMDLINE] [-s SYSCTL]
                               [-p {X86_64,X86_32,ARM64,ARM}]
                               [-g {X86_64,X86_32,ARM64,ARM}]
@@ -110,14 +111,14 @@ CONFIG_DEVMEM                           |kconfig| is not set |   kspp   |cut_att
 ```
   - `-m show_fail` for showing only the failed checks
   - `-m show_ok` for showing only the successful checks
-  - `-m json` for printing the results in JSON format (for combining `kconfig-hardened-check` with other tools)
+  - `-m json` for printing the results in JSON format (for combining `kernel-hardening-checker` with other tools)
 
 ## Example output for `Fedora 38` kernel configuration
 ```
-$ ./bin/kconfig-hardened-check -c kconfig_hardened_check/config_files/distros/fedora_38.config -l /proc/cmdline -s kconfig_hardened_check/config_files/distros/example_sysctls.txt 
-[+] Kconfig file to check: kconfig_hardened_check/config_files/distros/fedora_38.config
+$ ./bin/kernel-hardening-checker -c kernel_hardening_checker/config_files/distros/fedora_38.config -l /proc/cmdline -s kernel_hardening_checker/config_files/distros/example_sysctls.txt 
+[+] Kconfig file to check: kernel_hardening_checker/config_files/distros/fedora_38.config
 [+] Kernel cmdline file to check: /proc/cmdline
-[+] Sysctl output file to check: kconfig_hardened_check/config_files/distros/example_sysctls.txt
+[+] Sysctl output file to check: kernel_hardening_checker/config_files/distros/example_sysctls.txt
 [+] Detected microarchitecture: X86_64
 [+] Detected kernel version: 6.3
 [+] Detected compiler: GCC 130101
@@ -374,7 +375,7 @@ With the `-g` argument, the tool generates a Kconfig fragment with the security
 
 This Kconfig fragment can be merged with the existing Linux kernel config:
 ```
-$ ./bin/kconfig-hardened-check -g X86_64 > /tmp/fragment
+$ ./bin/kernel-hardening-checker -g X86_64 > /tmp/fragment
 $ cd ~/linux-src/
 $ ./scripts/kconfig/merge_config.sh .config /tmp/fragment
 Using .config as base
@@ -389,7 +390,7 @@ New value: CONFIG_BUG_ON_DATA_CORRUPTION=y
 
 __Q:__ How all these kernel parameters influence the Linux kernel security?
 
-__A:__ To answer this question, you can use the `kconfig-hardened-check` [sources of recommendations][24]
+__A:__ To answer this question, you can use the `kernel-hardening-checker` [sources of recommendations][24]
 and the [Linux Kernel Defence Map][4] with its references.
 
 <br />
@@ -463,7 +464,7 @@ try to install `gcc-7-plugin-dev` package, it should help.
 [3]: https://grsecurity.net/
 [4]: https://github.com/a13xp0p0v/linux-kernel-defence-map
 [5]: https://lwn.net/Articles/791863/
-[6]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38
+[6]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/38
 [7]: https://github.com/BlackIkeEagle
 [8]: https://blog.herecura.eu/blog/2020-05-30-kconfig-hardening-tests/
 [9]: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
@@ -472,13 +473,13 @@ try to install `gcc-7-plugin-dev` package, it should help.
 [12]: https://github.com/tych0
 [13]: https://github.com/speed47/spectre-meltdown-checker
 [14]: https://github.com/speed47
-[15]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/53
-[16]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/54
-[17]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/62
+[15]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/53
+[16]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/54
+[17]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/62
 [18]: https://cateee.net/lkddb/web-lkddb/
 [19]: https://github.com/cateee/lkddb
 [20]: https://kernel.org/
-[21]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/66
-[22]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/56
-[23]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues?q=label%3Akernel_maintainer_feedback
-[24]: https://github.com/a13xp0p0v/kconfig-hardened-check#motivation
+[21]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/66
+[22]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
+[23]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues?q=label%3Akernel_maintainer_feedback
+[24]: https://github.com/a13xp0p0v/kernel-hardening-checker#motivation

bin/kconfig-hardened-check → bin/kernel-hardening-checker

@@ -10,6 +10,6 @@ current_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentfra
 parent_dir = os.path.dirname(current_dir)
 sys.path.insert(0, parent_dir)
 
-import kconfig_hardened_check
+import kernel_hardening_checker
 
-kconfig_hardened_check.main()
+kernel_hardening_checker.main()

default.nix

-{ pkgs ? (import <nixpkgs> {}) }:
-with pkgs;
-
-pkgs.python3.pkgs.buildPythonPackage {
-  name = "kconfig-hardend-check";
-  src = ./.;
-  SOURCE_DATE_EPOCH = "1523278946";
-}

kconfig_hardened_check/__init__.py → kernel_hardening_checker/__init__.py

@@ -230,7 +230,7 @@ def main():
     #   * json mode for printing the results in JSON format
     report_modes = ['verbose', 'json', 'show_ok', 'show_fail']
     supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
-    parser = ArgumentParser(prog='kconfig-hardened-check',
+    parser = ArgumentParser(prog='kernel-hardening-checker',
                             description='A tool for checking the security hardening options of the Linux kernel')
     parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
     parser.add_argument('-m', '--mode', choices=report_modes,

kconfig_hardened_check/test_engine.py → kernel_hardening_checker/test_engine.py

@@ -5,7 +5,7 @@ This tool is for checking the security hardening options of the Linux kernel.
 
 Author: Alexander Popov <alex.popov@linux.com>
 
-This module performs unit-testing of the kconfig-hardened-check engine.
+This module performs unit-testing of the kernel-hardening-checker engine.
 """
 
 # pylint: disable=missing-function-docstring,line-too-long

setup.cfg

 [metadata]
-name = kconfig-hardened-check
+name = kernel-hardening-checker
 author = Alexander Popov
 author_email = alex.popov@linux.com
-home_page = https://github.com/a13xp0p0v/kconfig-hardened-check
+home_page = https://github.com/a13xp0p0v/kernel-hardening-checker
 description = A tool for checking the security hardening options of the Linux kernel
 long_description = file: README.md
 license = GNU General Public License v3 (GPLv3)
@@ -18,14 +18,14 @@ classifiers =
 [options]
 setup_requires = setuptools
 packages =
-	kconfig_hardened_check
-	kconfig_hardened_check.config_files
-	kconfig_hardened_check.config_files.defconfigs
-	kconfig_hardened_check.config_files.distros
-	kconfig_hardened_check.config_files.kspp-recommendations
+	kernel_hardening_checker
+	kernel_hardening_checker.config_files
+	kernel_hardening_checker.config_files.defconfigs
+	kernel_hardening_checker.config_files.distros
+	kernel_hardening_checker.config_files.kspp-recommendations
 include_package_data = true
 
 [options.entry_points]
 console_scripts =
-	kconfig-hardened-check = kconfig_hardened_check:main
+	kernel-hardening-checker = kernel_hardening_checker:main
 

setup.py

@@ -3,7 +3,7 @@
 from setuptools import setup
 
 about = {}
-with open("kconfig_hardened_check/__about__.py") as f:
+with open("kernel_hardening_checker/__about__.py") as f:
     exec(f.read(), about)
 
 print('v: "{}"'.format(about['__version__']))