a13xp0p0v/kernel-hardening-checker

Issues

• Which Python versions should `kernel-hardening-checker` support?

  #133 opened 6 months ago by a13xp0p0v
  5

• new make hardening.config available

  #92 opened 4 months ago by osevan
  3

• add check for CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 too

  #104 opened 10 months ago by thestinger
  10

• Add io_uring_disabled sysctl to disable/limit io_uring creation

  #109 opened 9 months ago by winterknife
  0

• Reducing Kernel Symbols on File System by Disabling CONFIG_VMLINUX_MAP and CONFIG_DEBUG_KERNEL

  #110 opened 9 months ago by wryMitts
  2

• Disable `CONFIG_N_GSM`

  #122 opened 4 months ago by cgzones
  2

• CONFIG_AMD_IOMMU_V2 = m appears also to be correct

  #57 opened 4 months ago by brandonweeks
  2

• Add RDK Linux Hardening specification flags

  #84 opened 4 months ago by frakman1
  3

• Improve --kernel-version and --cmdline

  #129 opened 7 months ago by jvoisin
  4

• Add check for CONFIG_MITIGATION_RFDS

  #116 opened 6 months ago by wryMitts
  1

• Linux 6.9 Renames Many CPU Mitigation CONFIGs to CONFIG_MITIGATION_...

  #117 opened 6 months ago by wryMitts
  1

• Disable codecov upload for pull-requests

  #126 opened 7 months ago by jvoisin
  6

• Integration with oracle/kconfigs

  #119 opened 8 months ago by evdenis
  2

• Add kconfig option for Intel CET shadow stack

  #114 opened 7 months ago by winterknife
  0

• Create documentation describing Linux kernel security options

  #69 opened 2 years ago by a13xp0p0v
  7

• drop check for dependency-only CONFIG_GCC_PLUGINS due to Clang

  #102 opened 8 months ago by thestinger
  3

• The separation between desktop and server.

  #118 opened 8 months ago by migrgh
  3

• Better json output

  #108 opened 8 months ago by avnik
  4

• Suggestions for kernel-hardening-checker

  #113 opened 8 months ago by asarubbo
  3

• Kernel Debug Metadata Access with CONFIG_DYNAMIC_DEBUG

  #111 opened 8 months ago by wryMitts
  3

• Get rid of CONFIG_DEBUG_CREDENTIALS

  #97 opened 8 months ago by Sporif
  3

• Minimal kernel version ?

  #106 opened 8 months ago by ffontaine
  1

• False positive on CONFIG_REFCOUNT_FULL in recent 5.4.x kernels

  #88 opened 8 months ago by hlein
  3

• Add a check for IA32_EMULATION

  #87 opened 8 months ago by jvoisin
  5

• Add ia32_emulation kernel cmdline parameter to disable 32-bit emulation support on 64-bit x86 CPUs

  #112 opened 9 months ago by winterknife
  1

• add check for UNWIND_PATCH_PAC_INTO_SCS, which reduces security compared to using both PAC + SCS

  #105 opened 10 months ago by thestinger
  4

• New CONFIG_MODULE_SIG_SHA3_512 option in kernel 6.7

  #107 opened 9 months ago by morfikov
  1

• skip CONFIG_DEBUG_NOTIFIERS requirement when CONFIG_CFI_CLANG is set with CONFIG_CFI_PERMISSIVE disabled

  #99 opened 10 months ago by thestinger
  4

• new tag?

  #96 opened 10 months ago by asarubbo
  2

• CONFIG_ARCH_MMAP_RND_BITS check is wrong for arm64

  #101 opened 10 months ago by thestinger
  3

• CONFIG_COMPAT_VDSO has a completely different meaning for arm64 and recommending disabling it doesn't make sense there

  #100 opened 10 months ago by thestinger
  3

• add disabling CONFIG_AIO (legacy POSIX AIO) as a recommendation

  #103 opened 10 months ago by thestinger
  1

• skip CONFIG_SCHED_STACK_END_CHECK requirement when CONFIG_VMAP_STACK is set

  #98 opened 10 months ago by thestinger
  2

• Enhancement add kmalloc hardening

  #83 opened a year ago by osevan
  2

• Check for module force loading?

  #95 opened a year ago by vobst
  1

• Consider removing/not recommending CONFIG_ZERO_CALL_USED_REGS

  #82 opened a year ago by jvoisin
  1

• Color indicators for "check result" column

  #81 opened a year ago by harisphnx
  15

• Support checking sysctl security options

  #65 opened a year ago by a13xp0p0v
  1

• Create a tool that changes kconfig options according to the recommendations

  #67 opened a year ago by a13xp0p0v
  3

• Integrity Measurement Architecture

  #75 opened 2 years ago by JohnVengert
  1

• Create unit-tests for the engine checking the correctness

  #79 opened 2 years ago by a13xp0p0v
  1

• iommu=force

  #76 opened 2 years ago by d4rklynk
  1

• Fix getting Nix kconfig (contrib)

  #63 opened 2 years ago by a13xp0p0v
  6

• Evaluate performance penalty of the recommended kernel options

  #66 opened 2 years ago by a13xp0p0v
  2

• ERORR?

  #73 opened 2 years ago by alpahca
  3

• Config change in 5.19.X

  #71 opened 2 years ago by Churam
  3

• COPR repo with built kernel with suggested recommendations

  #70 opened 2 years ago by krishjainx
  6

• Create a tool reporting mainline kernel versions that support a recommended option

  #68 opened 2 years ago by a13xp0p0v
  1

• Let user select configs without absolute path

  #61 opened 3 years ago by dmknght
  5

• CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync

  #58 opened 3 years ago by Churam
  2