Comments (5)
Hello @dmknght,
Thanks for writing!
Actually, the config files in kconfig_hardened_check/config_files/ are provided as examples that are used for developing and testing of this tool. These configs are not updated that often, and they don't cover all major distros.
The main use case for users is to check their own kernel config. The example from Fedora:
./bin/kconfig-hardened-check -c /boot/config-5.16.11-100.fc34.x86_64
So I don't think users care about the location of these example config files. What do you think?
from kernel-hardening-checker.
Hello! Sorry for the very late reply. I had an issue with my mail notifications LuL. Anyway, I think that's a very interesting point that I didn't know. In this case, I think kconfig-hardened-check can have a flag like auto check to do the command automatically. The workflow is like:
- Check if there is a config file that matches the kernel version at /boot/
- If it exists, run the system check automatically
- If it doesn't exist, tell the user to try some examples. In this case, I think the absolute path of the examples is needed.
What do you think about this? To me, I think it's easier for the user to just run and read the result without thinking about wrong profiles.
Some distros don't expose the kernel config at /boot, and I don't see why an average user would be interested in checking an example config which is probably totally unrelated to their system.
I agree with @Bernhard40.
@dmknght, I would avoid adding the code for searching the kernel config on a local machine.
Moreover, Linux kernel developers often use the kconfig-hardened-check tool for the configs of the kernels that they develop (not the config of the local machine).
Thanks!
> @dmknght, I would avoid adding the code for searching the kernel config on a local machine.

Well, it's not that hard. From what I checked, you just need to get the kernel version and map the path /boot/config-<kernel version>

> Moreover, Linux kernel developers often use the kconfig-hardened-check tool for the configs of the kernels that they develop (not the config of the local machine).

Well, I see. So I guess I can close the issue now because the scope is different.
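The lookup discussed in this thread can live in a user-side wrapper instead of the tool: try /boot/config-<kernel version> first, then fall back for distros that do not expose the config at /boot. This is an added example, not code from the thread or the project; `find_kconfig`, `check_kernel`, the root-prefix argument and `KCONFIG_CHECKER` are hypothetical names, and only the `-c` option and the `./bin/kconfig-hardened-check` path come from the discussion above.

```shell
#!/bin/sh
# Added example (not part of kconfig-hardened-check).

# find_kconfig RELEASE [ROOT]: print the first readable config for RELEASE.
# ROOT is a hypothetical prefix so the lookup can run against a test tree.
find_kconfig() {
    # /lib/modules/<release>/config is shipped by some distros only;
    # /proc/config.gz exists only on kernels built with CONFIG_IKCONFIG_PROC.
    for candidate in \
        "${2:-}/boot/config-$1" \
        "${2:-}/lib/modules/$1/config" \
        "${2:-}/proc/config.gz"
    do
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# check_kernel [RELEASE] [ROOT]: run the checker on the config that was found.
# KCONFIG_CHECKER is a hypothetical override for the checker's path.
check_kernel() {
    checker=${KCONFIG_CHECKER:-./bin/kconfig-hardened-check}
    release=${1:-$(uname -r)}
    config=$(find_kconfig "$release" "${2:-}") || {
        # Never fall back to an unrelated example config: report and stop.
        echo "no kernel config found for $release; pass one with -c" >&2
        return 2
    }
    case $config in
    *.gz)
        # /proc/config.gz is compressed: unpack to a temp file first.
        tmp=$(mktemp) || return 1
        status=0
        if gzip -dc "$config" > "$tmp"; then
            "$checker" -c "$tmp" || status=$?
        else
            status=1
        fi
        rm -f "$tmp"
        return "$status" ;;
    *)
        "$checker" -c "$config" ;;
    esac
}
```

Source the file and call `check_kernel` with no arguments to check the running kernel; kernel developers checking a build tree keep passing their own file with `-c` as before.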