Comments (3)
Another distinction is virtual machine desktop and virtual machine server.
A server still needs CONFIG_FB to show boot display if something goes wrong in initrd, etc. Virtual machine server with serial does not. Certain cloud servers available for sale online have both serial and video options available, some none at all (SSH only). So this is a very usecase specific item.
This may be harder to add because many hypervisors such as Xen, KVM, Virtualbox, might require different kernel options enabled to function as expected.
from kernel-hardening-checker.
current situation of automatic merging the Kconfig fragment you have to manual go over options like CONFIG_FB if in need.
or have a profile which work using automatic merging of the Kconfig fragment.
but yes it's very use case specific how a profile should look like.
from kernel-hardening-checker.
Thanks for creating this issue. It is connected to the issue #50.
CC @petervanvugt, @egberts.
Please have a look and give your ideas.
What do you think about a mechanism allowing the kernel-hardening-checker
users to create new custom checks and redefine the existing rules?
For example, kernel-hardening-checker
may have a new -r
argument for specifying a file with rule changes from the user.
from kernel-hardening-checker.
Related Issues (20)
- Better json output HOT 4
- Add io_uring_disabled sysctl to disable/limit io_uring creation
- Reducing Kernel Symbols on File System by Disabling CONFIG_VMLINUX_MAP and CONFIG_DEBUG_KERNEL HOT 2
- Kernel Debug Metadata Access with CONFIG_DYNAMIC_DEBUG HOT 3
- Add ia32_emulation kernel cmdline parameter to disable 32-bit emulation support on 64-bit x86 CPUs HOT 1
- Suggestions for kernel-hardening-checker HOT 3
- Add kconfig option for Intel CET shadow stack
- Add check for CONFIG_MITIGATION_RFDS HOT 1
- Linux 6.9 Renames Many CPU Mitigation CONFIGs to CONFIG_MITIGATION_... HOT 1
- Integration with oracle/kconfigs HOT 2
- Disable `CONFIG_N_GSM` HOT 2
- Disable codecov upload for pull-requests HOT 6
- Improve --kernel-version and --cmdline HOT 4
- Which Python versions should `kernel-hardening-checker` support? HOT 3
- Add the `with care` column
- Relatively low code coverage in the engine unit test
- Implement the `CONFIG_ARCH_MMAP_RND_COMPAT_BITS` check
- New kconfig SECURITY_PROC_MEM_RESTRICT_WRITES HOT 1
- Add kconfig option CONFIG_CFI_AUTO_DEFAULT
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kernel-hardening-checker.