- 09 Dec, 2023 4 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Thanks to @vobst for the idea
Alexander Popov authored
-
- 02 Dec, 2023 8 commits
-
-
Alexander Popov authored
-
Thanks to @izh1979 for the idea
Alexander Popov authored -
Thanks to @izh1979 for the idea
Alexander Popov authored -
Thanks to @izh1979 for the idea
Alexander Popov authored -
Thanks to @izh1979 for the idea
Alexander Popov authored -
Disabling kernel modules is a radical method to cut the kernel attack surface. It may be useful for some systems. Quoting CLIP OS recommendation: ``` Disable module loading once systemd has loaded the ones required for the running machine according to a profile. ```
Alexander Popov authored -
Alexander Popov authored
-
Alexander Popov authored
-
- 01 Dec, 2023 1 commit
-
-
--kernel-version option will extract the version in /proc/version. This is especially useful on embedded systems where config.gz doesn't always contain the kernel version Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Fabrice Fontaine authored
-
- 18 Oct, 2023 1 commit
-
-
Alexander Popov authored
-
- 17 Oct, 2023 16 commits
-
-
Alexander Popov authored
-
Use 'cut_attack_surface'.
Alexander Popov authored -
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Don't require slab_common.usercopy_fallback=0, since HARDENED_USERCOPY_FALLBACK was removed in Linux v5.16
Alexander Popov authored -
Alexander Popov authored
-
- 16 Oct, 2023 4 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Thanks, @SuperSandro2000
Alexander Popov authored
-
- 05 Oct, 2023 1 commit
-
-
This is guaranteed to work everything including NixOS
Sandro Jäckel authored
-
- 04 Oct, 2023 1 commit
-
-
This option isn't worth the performance impact. Refers to #82.
Alexander Popov authored
-
- 18 Sep, 2023 2 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
- 17 Sep, 2023 2 commits
-
-
Alexander Popov authored
-
**kconfig-hardened-check** is a tool for checking the security hardening options of the Linux kernel. In addition to Kconfig options, it now can check kernel cmdline arguments and sysctl parameters. It's time to give this project a new name that describes it better: **kernel-hardening-checker**.
Alexander Popov authored
-
