You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ python3 ./bin/kernel-hardening-checker -husage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}] [-c CONFIG] [-l CMDLINE] [-s SYSCTL] [-v KERNEL_VERSION] [-p {X86_64,X86_32,ARM64,ARM}] [-g {X86_64,X86_32,ARM64,ARM}]A tool for checking the security hardening options of the Linux kerneloptions: -h, --help show this help message and exit --version show program's version number and exit -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail} choose the report mode -c CONFIG, --config CONFIG check the security hardening options in the kernel Kconfig file (also supports *.gz files) -l CMDLINE, --cmdline CMDLINE check the security hardening options in the kernel cmdline file (contents of /proc/cmdline) -s SYSCTL, --sysctl SYSCTL check the security hardening options in the sysctl output file (`sudo sysctl -a > file`) -v KERNEL_VERSION, --kernel-version KERNEL_VERSION extract the version from the kernel version file (contents of /proc/version) -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM} print the security hardening recommendations for the selected microarchitecture -g {X86_64,X86_32,ARM64,ARM}, --generate {X86_64,X86_32,ARM64,ARM} generate a Kconfig fragment with the security hardening options for the selected microarchitecture
$
It would be nice to have --cmdline and --kernel-version use default values when not provided with one.
$ # current behaviour
$ python3 ./bin/kernel-hardening-checker -c /boot/config-* --kernel-version usage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}] [-c CONFIG] [-l CMDLINE] [-s SYSCTL] [-v KERNEL_VERSION] [-p {X86_64,X86_32,ARM64,ARM}] [-g {X86_64,X86_32,ARM64,ARM}]kernel-hardening-checker: error: argument -v/--kernel-version: expected one argument
$ # desired behaviour
$ python3 ./bin/kernel-hardening-checker -c /boot/config-6.6.3-414.asahi.fc39.aarch64+16k --kernel-version[+] Kconfig file to check: /boot/config-6.6.3-414.asahi.fc39.aarch64+16k[+] Detected microarchitecture: ARM64[+] Detected kernel version: (6, 6, 3) from /proc/version[+] Detected compiler: GCC 130201
$ # heck, detecting the current kernel and config would be even better:
$ python3 ./bin/kernel-hardening-checker --autodetect[+] Detected kernel version: (6, 6, 3) from /proc/version[+] Detected microarchitecture: ARM64[+] Found corresponding Kconfig file to check: /boot/config-6.6.3-414.asahi.fc39.aarch64+16k[+] Detected compiler: GCC 130201
The text was updated successfully, but these errors were encountered:
It would be nice to have
--cmdline
and--kernel-version
use default values when not provided with one.The text was updated successfully, but these errors were encountered: