Comments (6)
Hello @adrelanos,
I guess Whonix has a default and hardened config, am I right?
Is the difference between them documented anywhere?
We can take Whonix official configs to the config_files/distros/
.
That's useful for a brief comparison of kernel hardening adoption by various Linux distributions.
There is also the config_files/links.txt
file that describes how to get official configs from various distros.
Thanks!
from kernel-hardening-checker.
The current Whonix default is the Debian default. It will be changed to the config mentioned in the post once it's finished.
from kernel-hardening-checker.
Ok.
So when it is finished, you are welcome to send me the pull request that
- adds the official Whonix hardened config to
config_files/distros/
; - adds the corresponding info to
config_files/links.txt
.
from kernel-hardening-checker.
@madaidan After reading your post on the linux-hardened repository, it seems you might be interested in contributing some of your changes to the CLIP OS kernel (see our current configuration here). If so, don't hesitate to open an issue, it would be much appreciated!
Thanks @msalaun-anssi for the heads-up ;)
from kernel-hardening-checker.
Created clipos/bugs#38 for it.
from kernel-hardening-checker.
@madaidan After reading your post on the linux-hardened repository, it seems you might be interested in contributing some of your changes to the CLIP OS kernel (see our current configuration here). If so, don't hesitate to open an issue, it would be much appreciated!
Sounds great. I'll see what I can do.
from kernel-hardening-checker.
Related Issues (20)
- CONFIG_COMPAT_VDSO has a completely different meaning for arm64 and recommending disabling it doesn't make sense there HOT 3
- CONFIG_ARCH_MMAP_RND_BITS check is wrong for arm64 HOT 3
- drop check for dependency-only CONFIG_GCC_PLUGINS due to Clang HOT 3
- add disabling CONFIG_AIO (legacy POSIX AIO) as a recommendation HOT 1
- add check for CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 too HOT 4
- Integrity Measurement Architecture HOT 1
- iommu=force HOT 1
- Create unit-tests for the engine checking the correctness HOT 1
- Color indicators for "check result" column HOT 15
- Consider removing/not recommending CONFIG_ZERO_CALL_USED_REGS HOT 1
- Enhancement add kmalloc hardening HOT 2
- Add RDK Linux Hardening specification flags HOT 2
- Add a check for IA32_EMULATION HOT 5
- False positive on CONFIG_REFCOUNT_FULL in recent 5.4.x kernels HOT 3
- new make hardening.config available HOT 2
- Check for module force loading? HOT 1
- new tag? HOT 2
- Get rid of CONFIG_DEBUG_CREDENTIALS HOT 3
- skip CONFIG_SCHED_STACK_END_CHECK requirement when CONFIG_VMAP_STACK is set HOT 2
- skip CONFIG_DEBUG_NOTIFIERS requirement when CONFIG_CFI_CLANG is set with CONFIG_CFI_PERMISSIVE disabled HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kernel-hardening-checker.