Comments (6)
Hi Krish,
This approach can be called "creating a kernel flavour". Some distros do that.
For example, see:
- Ubuntu kernel flavours: https://wiki.ubuntu.com/Kernel/Dev/Flavours
- Suse kernel flavours: https://www.suse.com/support/kb/doc/?id=000017133
- The discussion about NixOS hardened kernel: NixOS/nixpkgs#76850
from kernel-hardening-checker.
For sure, this project is perhaps one of the best and most usable for kernel hardening and I would definitely be able to help if you can get started or others with implementing this. Thank you!
from kernel-hardening-checker.
Yes, thank you, I understand that, but how would I have your script/tool change the .config to be more hardened and then have that grab new kernel sources and automatically build, like if I was to hold a COPR?
from kernel-hardening-checker.
Thanks Krish, now I see what you mean.
There is an enhancement #67. Maybe it would help to solve your task.
Create a tool that changes kconfig options according to the recommendations
It should use the JSON output of kconfig-hardened-check and work with kconfig with kconfiglib.
What do you think?
from kernel-hardening-checker.
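The idea in the comment above, as an added example that is not part of the thread or of the project's code: read the checker's JSON report and rewrite the failing kconfig options in a `.config`. The JSON field names, the sample report and the sample config are assumptions constructed for illustration, and plain text editing stands in for kconfiglib.

```python
import json
import re

# Constructed sample inputs. The report field names are an assumption about
# the checker's JSON layout; adjust them to the output of your version.
SAMPLE_REPORT = json.dumps([
    {"option_name": "CONFIG_BUG", "type": "kconfig",
     "desired_val": "y", "check_result": "OK"},
    {"option_name": "CONFIG_SLAB_FREELIST_HARDENED", "type": "kconfig",
     "desired_val": "y", "check_result": "FAIL: is not found"},
    {"option_name": "CONFIG_DEVMEM", "type": "kconfig",
     "desired_val": "is not set", "check_result": 'FAIL: "y"'},
    {"option_name": "CONFIG_DEFAULT_MMAP_MIN_ADDR", "type": "kconfig",
     "desired_val": "65536", "check_result": 'FAIL: "4096"'},
    {"option_name": "page_alloc.shuffle", "type": "cmdline",
     "desired_val": "1", "check_result": "FAIL: is not found"},
])
SAMPLE_CONFIG = "CONFIG_BUG=y\nCONFIG_DEVMEM=y\nCONFIG_DEFAULT_MMAP_MIN_ADDR=4096\n"

def render(name, val):
    """Format one option the way kconfig writes it in a .config file."""
    return f"# {name} is not set" if val == "is not set" else f"{name}={val}"

def apply_recommendations(config_text, report_json):
    """Return (new .config text, sorted names of the options rewritten)."""
    wanted = {}
    for rec in json.loads(report_json):
        # Skip non-kconfig checks (cmdline, sysctl) and checks that passed.
        if rec["type"] != "kconfig" or rec["check_result"].startswith("OK"):
            continue
        val = rec["desired_val"]
        # Only literal values can be written; anything else needs a human.
        if val == "is not set" or re.fullmatch(r"[ym]|\d+|0x[0-9a-fA-F]+", val):
            wanted[rec["option_name"]] = val
    out, seen = [], set()
    for line in config_text.splitlines():
        m = re.match(r"(?:# )?(CONFIG_\w+)(?:=| is not set)", line)
        if m and m.group(1) in wanted:
            seen.add(m.group(1))
            line = render(m.group(1), wanted[m.group(1)])
        out.append(line)
    # Append failing options that the file did not mention at all.
    out += [render(n, v) for n, v in wanted.items() if n not in seen]
    return "\n".join(out) + "\n", sorted(wanted)

if __name__ == "__main__":
    print(apply_recommendations(SAMPLE_CONFIG, SAMPLE_REPORT)[0])
```

Text edits do not resolve Kconfig dependencies, which is what kconfiglib is for, so run `make olddefconfig` on the result and re-run the checker to confirm the options survived.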
It would be incredibly useful, instead of developing sideways independent projects like linux-hardened or grsecurity, to be working more closely with upstream like you are - getting all the performance improvements, bug fixes and applying all available "vanilla" security fixes and pushing this to distributions using that tool. Then people can work off it. Even if it's not "revolutionary" I definitely believe in the long term it would help make Linux even better!
from kernel-hardening-checker.
I can't comment about grsecurity. This topic is complex... Anyway, they are pioneers in kernel security hardening.
The goal of KSPP is to develop kernel self-protection features for the mainline kernel. I hope my kconfig-hardened-check project also promotes these security features among Linux distros.
from kernel-hardening-checker.