Commit f0c9f888 by Alexander Popov

Add the LEGACY_TIOCSTI check

parent fa57d8b2
...@@ -31,8 +31,9 @@ This module contains knowledge for checks. ...@@ -31,8 +31,9 @@ This module contains knowledge for checks.
# fs.protected_regular=2 # fs.protected_regular=2
# fs.suid_dumpable=0 # fs.suid_dumpable=0
# kernel.modules_disabled=1 # kernel.modules_disabled=1
# kernel.randomize_va_space = 2 # kernel.randomize_va_space=2
# nosmt sysfs control file # nosmt sysfs control file
# dev.tty.legacy_tiocsti=0
# #
# Think of these boot params: # Think of these boot params:
# module.sig_enforce=1 # module.sig_enforce=1
...@@ -378,6 +379,7 @@ def add_kconfig_checks(l, arch): ...@@ -378,6 +379,7 @@ def add_kconfig_checks(l, arch):
l += [bpf_syscall_not_set] # refers to LOCKDOWN l += [bpf_syscall_not_set] # refers to LOCKDOWN
# 'cut_attack_surface', 'my' # 'cut_attack_surface', 'my'
l += [KconfigCheck('cut_attack_surface', 'my', 'LEGACY_TIOCSTI', 'is not set')]
l += [KconfigCheck('cut_attack_surface', 'my', 'MMIOTRACE', 'is not set')] # refers to LOCKDOWN (permissive) l += [KconfigCheck('cut_attack_surface', 'my', 'MMIOTRACE', 'is not set')] # refers to LOCKDOWN (permissive)
l += [KconfigCheck('cut_attack_surface', 'my', 'LIVEPATCH', 'is not set')] l += [KconfigCheck('cut_attack_surface', 'my', 'LIVEPATCH', 'is not set')]
l += [KconfigCheck('cut_attack_surface', 'my', 'IP_DCCP', 'is not set')] l += [KconfigCheck('cut_attack_surface', 'my', 'IP_DCCP', 'is not set')]
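Review bot: The new `LEGACY_TIOCSTI` check in add_kconfig_checks() has no comment explaining that this Kconfig option only selects the default of the `dev.tty.legacy_tiocsti` sysctl, so an OK result does not show that TIOCSTI is disabled on the running system. I would add a trailing comment in the style of the neighbouring lines, e.g. `# sets only the default of dev.tty.legacy_tiocsti, which can be changed at runtime`, which also ties the check to the sysctl added to the TODO list in the first hunk. Separately, if an absent option satisfies 'is not set' in this tool (the check logic is not visible here), a kernel that predates the option would pass while TIOCSTI is still always available; that may be worth a note too. The function body starts and ends outside the hunk.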