Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
kernel-hardening-checker
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
kernel-hardening-checker
Commits
ef29eb0e
Commit
ef29eb0e
authored
May 28, 2022
by
Alexander Popov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Describe the cmdline checking support in README
parent
22bb83e2
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
8 additions
and
3 deletions
+8
-3
README.md
README.md
+8
-3
No files found.
README.md
View file @
ef29eb0e
...
...
@@ -5,13 +5,13 @@
## Motivation
There are plenty of security hardening options
in
the Linux kernel. A lot of them are
There are plenty of security hardening options
for
the Linux kernel. A lot of them are
not enabled by the major distros. We have to enable these options ourselves to
make our systems more secure.
But nobody likes checking configs manually. So let the computers do their job!
__kconfig-hardened-check.py__
helps me to check the Linux kernel
Kconfig option list
__kconfig-hardened-check.py__
helps me to check the Linux kernel
options
against my security hardening preferences, which are based on the
-
[
KSPP recommended settings
][
1
]
,
...
...
@@ -20,6 +20,8 @@ against my security hardening preferences, which are based on the
-
[
SECURITY_LOCKDOWN_LSM
][
5
]
patchset,
-
Direct feedback from Linux kernel maintainers (see
[
#38
][
6
]
,
[
#53
][
15
]
,
[
#54
][
16
]
,
[
#62
][
17
]
).
This tool supports checking __Kconfig__ options and __kernel cmdline__ parameters.
I also created
[
__Linux Kernel Defence Map__
][
4
]
that is a graphical representation of the
relationships between security hardening features and the corresponding vulnerability classes
or exploitation techniques.
...
...
@@ -49,6 +51,7 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package.
```
usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}]
[-c CONFIG]
[-l CMDLINE]
[-m {verbose,json,show_ok,show_fail}]
A tool for checking the security hardening options of the Linux kernel
...
...
@@ -59,7 +62,9 @@ optional arguments:
-p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
print security hardening preferences for the selected architecture
-c CONFIG, --config CONFIG
check the kernel config file against these preferences
check the kernel kconfig file against these preferences
-l CMDLINE, --cmdline CMDLINE
check the kernel cmdline file against these preferences
-m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
choose the report mode
```
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
