Improve the comments and README

d6caae53 · Alexander Popov · 4dd0d2f9 · d6caae53 · d6caae53 · d6caae53
Commit d6caae53 authored Jun 12, 2023 by Alexander Popov
5 changed files
--- a/README.md
+++ b/README.md
@@ -14,8 +14,8 @@ make our systems more secure.

 But nobody likes checking configs manually. So let the computers do their job!

-__kconfig-hardened-check__ helps me to check the Linux kernel options
-against my security hardening preferences, which are based on the
+__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel.
+The recommendations are based on

  - [KSPP recommended settings][1]
  - [CLIP OS kernel configuration][2]
@@ -63,8 +63,8 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package.

 ## Usage
 ```
-usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG]
-                              [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}]
+usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE]
+                              [-m {verbose,json,show_ok,show_fail}]

 A tool for checking the security hardening options of the Linux kernel

@@ -72,12 +72,11 @@ options:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
-                        print security hardening preferences for the selected architecture
+                        print security hardening options for the selected architecture
  -c CONFIG, --config CONFIG
-                        check the kernel kconfig file against these preferences (also supports
-                        *.gz files)
+                        check security hardening options in the kernel kconfig file (also supports *.gz files)
  -l CMDLINE, --cmdline CMDLINE
-                        check the kernel cmdline file against these preferences
+                        check security hardening options in the kernel cmdline file
  -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
                        choose the report mode
 ```

--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
 #!/usr/bin/python3

 """
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.

 Author: Alexander Popov <alex.popov@linux.com>

@@ -211,11 +209,11 @@ def main():
                            description='A tool for checking the security hardening options of the Linux kernel')
    parser.add_argument('--version', action='version', version='%(prog)s ' + __version__)
    parser.add_argument('-p', '--print', choices=supported_archs,
-                        help='print security hardening preferences for the selected architecture')
+                        help='print security hardening options for the selected architecture')
    parser.add_argument('-c', '--config',
-                        help='check the kernel kconfig file against these preferences (also supports *.gz files)')
+                        help='check security hardening options in the kernel kconfig file (also supports *.gz files)')
    parser.add_argument('-l', '--cmdline',
-                        help='check the kernel cmdline file against these preferences')
+                        help='check security hardening options in the kernel cmdline file')
    parser.add_argument('-m', '--mode', choices=report_modes,
                        help='choose the report mode')
    args = parser.parse_args()
@@ -306,7 +304,7 @@ def main():
        add_kconfig_checks(config_checklist, arch)
        add_cmdline_checks(config_checklist, arch)
        if mode != 'json':
-            print(f'[+] Printing kernel security hardening preferences for {arch}...')
+            print(f'[+] Printing kernel security hardening options for {arch}...')
        print_checklist(mode, config_checklist, False)
        sys.exit(0)


--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
 #!/usr/bin/python3

 """
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.

 Author: Alexander Popov <alex.popov@linux.com>


--- a/kconfig_hardened_check/engine.py
+++ b/kconfig_hardened_check/engine.py
 #!/usr/bin/python3

 """
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.

 Author: Alexander Popov <alex.popov@linux.com>


--- a/kconfig_hardened_check/test_engine.py
+++ b/kconfig_hardened_check/test_engine.py
 #!/usr/bin/python3

 """
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.

 Author: Alexander Popov <alex.popov@linux.com>