Rename kconfig-hardened-check into kernel-hardening-checker (#85)

**kconfig-hardened-check** is a tool for checking the security hardening
options of the Linux kernel.

In addition to Kconfig options, it now can check kernel cmdline
arguments and sysctl parameters.

It's time to give this project a new name that describes it better:
**kernel-hardening-checker**.

.github/workflows/engine_unit-test.yml

@@ -34,7 +34,7 @@ jobs:
 
     - name: Run unit-tests and collect coverage
       run: |
-        coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b
+        coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b
         coverage xml -i -o coverage_unittest.xml
 
     - name: Handle coverage

.github/workflows/functional_test.sh

@@ -9,34 +9,34 @@ git show -s
 echo "Beginning of the functional tests"
 
 echo ">>>>> get help <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check
-coverage run -a --branch bin/kconfig-hardened-check -h
+coverage run -a --branch bin/kernel-hardening-checker
+coverage run -a --branch bin/kernel-hardening-checker -h
 
 echo ">>>>> get version <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check --version
+coverage run -a --branch bin/kernel-hardening-checker --version
 
 echo ">>>>> print the security hardening recommendations <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m verbose
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m json
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m verbose
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m json
 
-coverage run -a --branch bin/kconfig-hardened-check -p X86_32
-coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m verbose
-coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m json
+coverage run -a --branch bin/kernel-hardening-checker -p X86_32
+coverage run -a --branch bin/kernel-hardening-checker -p X86_32 -m verbose
+coverage run -a --branch bin/kernel-hardening-checker -p X86_32 -m json
 
-coverage run -a --branch bin/kconfig-hardened-check -p ARM64
-coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m verbose
-coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m json
+coverage run -a --branch bin/kernel-hardening-checker -p ARM64
+coverage run -a --branch bin/kernel-hardening-checker -p ARM64 -m verbose
+coverage run -a --branch bin/kernel-hardening-checker -p ARM64 -m json
 
-coverage run -a --branch bin/kconfig-hardened-check -p ARM
-coverage run -a --branch bin/kconfig-hardened-check -p ARM -m verbose
-coverage run -a --branch bin/kconfig-hardened-check -p ARM -m json
+coverage run -a --branch bin/kernel-hardening-checker -p ARM
+coverage run -a --branch bin/kernel-hardening-checker -p ARM -m verbose
+coverage run -a --branch bin/kernel-hardening-checker -p ARM -m json
 
 echo ">>>>> generate the Kconfig fragment <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -g X86_64
-coverage run -a --branch bin/kconfig-hardened-check -g X86_32
-coverage run -a --branch bin/kconfig-hardened-check -g ARM64
-coverage run -a --branch bin/kconfig-hardened-check -g ARM
+coverage run -a --branch bin/kernel-hardening-checker -g X86_64
+coverage run -a --branch bin/kernel-hardening-checker -g X86_32
+coverage run -a --branch bin/kernel-hardening-checker -g ARM64
+coverage run -a --branch bin/kernel-hardening-checker -g ARM
 
 echo ">>>>> check the example kconfig files, cmdline, and sysctl <<<<<"
 cat /proc/cmdline
@@ -51,103 +51,103 @@ for C in $KCONFIGS
 do
         COUNT=$(expr $COUNT + 1)
         echo "\n>>>>> checking kconfig number $COUNT <<<<<"
-        coverage run -a --branch bin/kconfig-hardened-check -c $C
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose > /dev/null
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l /proc/cmdline
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -s /tmp/sysctls
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m verbose > /dev/null
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m json
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_ok
-        coverage run -a --branch bin/kconfig-hardened-check -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_fail
+        coverage run -a --branch bin/kernel-hardening-checker -c $C
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -m verbose > /dev/null
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l /proc/cmdline
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -s /tmp/sysctls
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m verbose > /dev/null
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m json
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_ok
+        coverage run -a --branch bin/kernel-hardening-checker -c $C -l ./cmdline_example -s $SYSCTL_EXAMPLE -m show_fail
 done
 echo "\n>>>>> have checked $COUNT kconfigs <<<<<"
 
 echo ">>>>> check sysctl separately <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE
-coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m verbose > /dev/null
-coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m json
-coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_ok
-coverage run -a --branch bin/kconfig-hardened-check -s $SYSCTL_EXAMPLE -m show_fail
+coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE
+coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m verbose > /dev/null
+coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m json
+coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_ok
+coverage run -a --branch bin/kernel-hardening-checker -s $SYSCTL_EXAMPLE -m show_fail
 
 echo "Collect coverage for error handling"
 
 echo ">>>>> -c and -p together <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -c kconfig_hardened_check/config_files/distros/fedora_34.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -c kernel_hardening_checker/config_files/distros/fedora_34.config && exit 1
 
 echo ">>>>> -c and -g together <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -c kconfig_hardened_check/config_files/distros/fedora_34.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -c kernel_hardening_checker/config_files/distros/fedora_34.config && exit 1
 
 echo ">>>>> -l without -c <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -l /proc/cmdline && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -l /proc/cmdline && exit 1
 
 echo ">>>>> -s and -p together <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -s $SYSCTL_EXAMPLE && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -s $SYSCTL_EXAMPLE && exit 1
 
 echo ">>>>> -s and -g together <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -s $SYSCTL_EXAMPLE && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -s $SYSCTL_EXAMPLE && exit 1
 
 echo ">>>>> -p and -g together <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -g X86_64 && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -g X86_64 && exit 1
 
 echo ">>>>> wrong modes for -p <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m show_ok && exit 1
-coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m show_fail && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m show_ok && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -p X86_64 -m show_fail && exit 1
 
 echo ">>>>> wrong mode for -g <<<<<"
-coverage run -a --branch bin/kconfig-hardened-check -g X86_64 -m show_ok && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -g X86_64 -m show_ok && exit 1
 
-cp kconfig_hardened_check/config_files/distros/fedora_34.config ./test.config
+cp kernel_hardening_checker/config_files/distros/fedora_34.config ./test.config
 
 echo ">>>>> no kernel version <<<<<"
 sed '3d' test.config > error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> strange kernel version string <<<<<"
 sed '3 s/5./version 5./' test.config > error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> no arch <<<<<"
 sed '305d' test.config > error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> more than one arch <<<<<"
 cp test.config error.config
 echo 'CONFIG_ARM64=y' >> error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> invalid enabled kconfig option <<<<<"
 cp test.config error.config
 echo 'CONFIG_FOO=is not set' >> error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> one config option multiple times <<<<<"
 cp test.config error.config
 echo 'CONFIG_BUG=y' >> error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> invalid compiler versions <<<<<"
 cp test.config error.config
 sed '8 s/CONFIG_CLANG_VERSION=0/CONFIG_CLANG_VERSION=120000/' test.config > error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> unexpected line in the kconfig file <<<<<"
 cp test.config error.config
 echo 'some strange line' >> error.config
-coverage run -a --branch bin/kconfig-hardened-check -c error.config && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c error.config && exit 1
 
 echo ">>>>> multi-line cmdline file <<<<<"
 echo 'hey man 1' > cmdline
 echo 'hey man 2' >> cmdline
-coverage run -a --branch bin/kconfig-hardened-check -c test.config -l cmdline && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c test.config -l cmdline && exit 1
 
 echo ">>>>> unexpected line in the sysctl file <<<<<"
 cp $SYSCTL_EXAMPLE error_sysctls
 echo 'some strange line' >> error_sysctls
-coverage run -a --branch bin/kconfig-hardened-check -c test.config -s error_sysctls && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c test.config -s error_sysctls && exit 1
 
 echo ">>>>> invalid sysctl file <<<<<"
 touch empty_file
-coverage run -a --branch bin/kconfig-hardened-check -c test.config -s empty_file && exit 1
+coverage run -a --branch bin/kernel-hardening-checker -c test.config -s empty_file && exit 1
 
 echo "The end of the functional tests"

.github/workflows/functional_test.yml

@@ -29,9 +29,9 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         echo "Install the package via pip..."
-        pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check
+        pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker
         echo "Run the installed tool..."
-        kconfig-hardened-check
+        kernel-hardening-checker
 
     - name: Check all configs with the installed tool
       run: |
@@ -44,7 +44,7 @@ jobs:
         do
                 COUNT=$(expr $COUNT + 1)
                 echo -e "\n>>>>> checking kconfig number $COUNT <<<<<"
-                kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls
+                kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls
         done
         echo -e "\nHave checked $COUNT kconfigs"
 

.woodpecker/engine_unit-test.yml

@@ -8,6 +8,6 @@ steps:
       - python --version
       - pip install --no-cache-dir coverage
       - echo "Run unit-tests and collect coverage..."
-      - coverage run --include=kconfig_hardened_check/engine.py,kconfig_hardened_check/test_engine.py -m unittest -v -b
+      - coverage run --include=kernel_hardening_checker/engine.py,kernel_hardening_checker/test_engine.py -m unittest -v -b
       - echo "Show the coverage report..."
       - coverage report

.woodpecker/functional_test.yml

@@ -10,16 +10,16 @@ steps:
       - ls -la
       - python --version
       - echo "Install the package via pip..."
-      - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kconfig-hardened-check
+      - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kernel-hardening-checker
       - echo "Run the installed tool..."
-      - which kconfig-hardened-check
-      - kconfig-hardened-check
+      - which kernel-hardening-checker
+      - kernel-hardening-checker
       - echo "Check all configs with the installed tool..."
       - sysctl -a > /tmp/sysctls
       - CONFIG_DIR=`find /usr/local/lib/ -name config_files`
       - KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
       - COUNT=0
-      - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline -s /tmp/sysctls; done
+      - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls; done
       - echo "Have checked $COUNT kconfigs"
   functional-test-with-coverage:
     image: python:3

MANIFEST.in

 include README.md
 include LICENSE.txt
-recursive-include kconfig_hardened_check *
+recursive-include kernel_hardening_checker *

README.md

-# kconfig-hardened-check
+# kernel-hardening-checker
 
-[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kconfig-hardened-check?label=release)](https://github.com/a13xp0p0v/kconfig-hardened-check/tags)<br />
-[![functional test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/functional_test.yml)
-[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)<br />
-[![engine unit-test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/engine_unit-test.yml)
-[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)
+__(formerly kconfig-hardened-check)__<br />
+[![functional test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/functional_test.yml)
+[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker)<br />
+[![engine unit-test](https://github.com/a13xp0p0v/kernel-hardening-checker/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kernel-hardening-checker/actions/workflows/engine_unit-test.yml)
+[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kernel-hardening-checker)<br />
+[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kernel-hardening-checker?label=release)](https://github.com/a13xp0p0v/kernel-hardening-checker/tags)
 
 ## Motivation
 
@@ -14,7 +15,7 @@ make our systems more secure.
 
 But nobody likes checking configs manually. So let the computers do their job!
 
-__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel. It supports checking:
+__kernel-hardening-checker__ (formerly __kconfig-hardened-check__) is a tool for checking the security hardening options of the Linux kernel. It supports checking:
 
   - Kconfig options (compile-time)
   - Kernel cmdline arguments (boot-time)
@@ -39,9 +40,9 @@ of its typical workload.
 
 ## Repositories
 
- - Main at GitHub <https://github.com/a13xp0p0v/kconfig-hardened-check>
- - Mirror at Codeberg: <https://codeberg.org/a13xp0p0v/kconfig-hardened-check>
- - Mirror at GitFlic: <https://gitflic.ru/project/a13xp0p0v/kconfig-hardened-check>
+ - Main at GitHub <https://github.com/a13xp0p0v/kernel-hardening-checker>
+ - Mirror at Codeberg: <https://codeberg.org/a13xp0p0v/kernel-hardening-checker>
+ - Mirror at GitFlic: <https://gitflic.ru/project/a13xp0p0v/kernel-hardening-checker>
 
 ## Supported microarchitectures
 
@@ -57,16 +58,16 @@ TODO: RISC-V (issue [#56][22])
 You can install the package:
 
 ```
-pip install git+https://github.com/a13xp0p0v/kconfig-hardened-check
+pip install git+https://github.com/a13xp0p0v/kernel-hardening-checker
 ```
 
-or simply run `./bin/kconfig-hardened-check` from the cloned repository.
+or simply run `./bin/kernel-hardening-checker` from the cloned repository.
 
-Some Linux distributions also provide `kconfig-hardened-check` as a package.
+Some Linux distributions also provide `kernel-hardening-checker` as a package.
 
 ## Usage
 ```
-usage: kconfig-hardened-check [-h] [--version] [-m {verbose,json,show_ok,show_fail}]
+usage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}]
                               [-c CONFIG] [-l CMDLINE] [-s SYSCTL]
                               [-p {X86_64,X86_32,ARM64,ARM}]
                               [-g {X86_64,X86_32,ARM64,ARM}]
@@ -110,14 +111,14 @@ CONFIG_DEVMEM                           |kconfig| is not set |   kspp   |cut_att
 ```
   - `-m show_fail` for showing only the failed checks
   - `-m show_ok` for showing only the successful checks
-  - `-m json` for printing the results in JSON format (for combining `kconfig-hardened-check` with other tools)
+  - `-m json` for printing the results in JSON format (for combining `kernel-hardening-checker` with other tools)
 
 ## Example output for `Fedora 38` kernel configuration
 ```
-$ ./bin/kconfig-hardened-check -c kconfig_hardened_check/config_files/distros/fedora_38.config -l /proc/cmdline -s kconfig_hardened_check/config_files/distros/example_sysctls.txt 
-[+] Kconfig file to check: kconfig_hardened_check/config_files/distros/fedora_38.config
+$ ./bin/kernel-hardening-checker -c kernel_hardening_checker/config_files/distros/fedora_38.config -l /proc/cmdline -s kernel_hardening_checker/config_files/distros/example_sysctls.txt 
+[+] Kconfig file to check: kernel_hardening_checker/config_files/distros/fedora_38.config
 [+] Kernel cmdline file to check: /proc/cmdline
-[+] Sysctl output file to check: kconfig_hardened_check/config_files/distros/example_sysctls.txt
+[+] Sysctl output file to check: kernel_hardening_checker/config_files/distros/example_sysctls.txt
 [+] Detected microarchitecture: X86_64
 [+] Detected kernel version: 6.3
 [+] Detected compiler: GCC 130101
@@ -374,7 +375,7 @@ With the `-g` argument, the tool generates a Kconfig fragment with the security
 
 This Kconfig fragment can be merged with the existing Linux kernel config:
 ```
-$ ./bin/kconfig-hardened-check -g X86_64 > /tmp/fragment
+$ ./bin/kernel-hardening-checker -g X86_64 > /tmp/fragment
 $ cd ~/linux-src/
 $ ./scripts/kconfig/merge_config.sh .config /tmp/fragment
 Using .config as base
@@ -389,7 +390,7 @@ New value: CONFIG_BUG_ON_DATA_CORRUPTION=y
 
 __Q:__ How all these kernel parameters influence the Linux kernel security?
 
-__A:__ To answer this question, you can use the `kconfig-hardened-check` [sources of recommendations][24]
+__A:__ To answer this question, you can use the `kernel-hardening-checker` [sources of recommendations][24]
 and the [Linux Kernel Defence Map][4] with its references.
 
 <br />
@@ -463,7 +464,7 @@ try to install `gcc-7-plugin-dev` package, it should help.
 [3]: https://grsecurity.net/
 [4]: https://github.com/a13xp0p0v/linux-kernel-defence-map
 [5]: https://lwn.net/Articles/791863/
-[6]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/38
+[6]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/38
 [7]: https://github.com/BlackIkeEagle
 [8]: https://blog.herecura.eu/blog/2020-05-30-kconfig-hardening-tests/
 [9]: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
@@ -472,13 +473,13 @@ try to install `gcc-7-plugin-dev` package, it should help.
 [12]: https://github.com/tych0
 [13]: https://github.com/speed47/spectre-meltdown-checker
 [14]: https://github.com/speed47
-[15]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/53
-[16]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/54
-[17]: https://github.com/a13xp0p0v/kconfig-hardened-check/pull/62
+[15]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/53
+[16]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/54
+[17]: https://github.com/a13xp0p0v/kernel-hardening-checker/pull/62
 [18]: https://cateee.net/lkddb/web-lkddb/
 [19]: https://github.com/cateee/lkddb
 [20]: https://kernel.org/
-[21]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/66
-[22]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues/56
-[23]: https://github.com/a13xp0p0v/kconfig-hardened-check/issues?q=label%3Akernel_maintainer_feedback
-[24]: https://github.com/a13xp0p0v/kconfig-hardened-check#motivation
+[21]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/66
+[22]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
+[23]: https://github.com/a13xp0p0v/kernel-hardening-checker/issues?q=label%3Akernel_maintainer_feedback
+[24]: https://github.com/a13xp0p0v/kernel-hardening-checker#motivation

bin/kconfig-hardened-check → bin/kernel-hardening-checker

@@ -10,6 +10,6 @@ current_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentfra
 parent_dir = os.path.dirname(current_dir)
 sys.path.insert(0, parent_dir)
 
-import kconfig_hardened_check
+import kernel_hardening_checker
 
-kconfig_hardened_check.main()
+kernel_hardening_checker.main()

default.nix

-{ pkgs ? (import <nixpkgs> {}) }:
-with pkgs;
-
-pkgs.python3.pkgs.buildPythonPackage {
-  name = "kconfig-hardend-check";
-  src = ./.;
-  SOURCE_DATE_EPOCH = "1523278946";
-}

kconfig_hardened_check/__init__.py → kernel_hardening_checker/__init__.py

@@ -230,7 +230,7 @@ def main():
     #   * json mode for printing the results in JSON format
     report_modes = ['verbose', 'json', 'show_ok', 'show_fail']
     supported_archs = ['X86_64', 'X86_32', 'ARM64', 'ARM']
-    parser = ArgumentParser(prog='kconfig-hardened-check',
+    parser = ArgumentParser(prog='kernel-hardening-checker',
                             description='A tool for checking the security hardening options of the Linux kernel')
     parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
     parser.add_argument('-m', '--mode', choices=report_modes,

kconfig_hardened_check/test_engine.py → kernel_hardening_checker/test_engine.py

@@ -5,7 +5,7 @@ This tool is for checking the security hardening options of the Linux kernel.
 
 Author: Alexander Popov <alex.popov@linux.com>
 
-This module performs unit-testing of the kconfig-hardened-check engine.
+This module performs unit-testing of the kernel-hardening-checker engine.
 """
 
 # pylint: disable=missing-function-docstring,line-too-long

setup.cfg

 [metadata]
-name = kconfig-hardened-check
+name = kernel-hardening-checker
 author = Alexander Popov
 author_email = alex.popov@linux.com
-home_page = https://github.com/a13xp0p0v/kconfig-hardened-check
+home_page = https://github.com/a13xp0p0v/kernel-hardening-checker
 description = A tool for checking the security hardening options of the Linux kernel
 long_description = file: README.md
 license = GNU General Public License v3 (GPLv3)
@@ -18,14 +18,14 @@ classifiers =
 [options]
 setup_requires = setuptools
 packages =
-	kconfig_hardened_check
-	kconfig_hardened_check.config_files
-	kconfig_hardened_check.config_files.defconfigs
-	kconfig_hardened_check.config_files.distros
-	kconfig_hardened_check.config_files.kspp-recommendations
+	kernel_hardening_checker
+	kernel_hardening_checker.config_files
+	kernel_hardening_checker.config_files.defconfigs
+	kernel_hardening_checker.config_files.distros
+	kernel_hardening_checker.config_files.kspp-recommendations
 include_package_data = true
 
 [options.entry_points]
 console_scripts =
-	kconfig-hardened-check = kconfig_hardened_check:main
+	kernel-hardening-checker = kernel_hardening_checker:main
 

setup.py

@@ -3,7 +3,7 @@
 from setuptools import setup
 
 about = {}
-with open("kconfig_hardened_check/__about__.py") as f:
+with open("kernel_hardening_checker/__about__.py") as f:
     exec(f.read(), about)
 
 print('v: "{}"'.format(about['__version__']))