From: Alexander Popov
Date: Sun, 16 Jul 2023 21:06:11 +0000 (+0300)
Subject: Implement parse_sysctl_file()
X-Git-Tag: v0.6.6~118
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=6d4cb6735da262ca843aee129147ce295d5fb12b;p=kconfig-hardened-check.git
Implement parse_sysctl_file()
Refers to #65
---
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index a98fbe8..143da1d 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -200,7 +200,26 @@ def parse_cmdline_file(parsed_options, fname):
 def parse_sysctl_file(parsed_options, fname):
- print('parse_sysctl_file: TODO')
+ with open(fname, 'r', encoding='utf-8') as f:
+ sysctl_pattern = re.compile("[a-zA-Z0-9\._-]+ =.*$")
+ for line in f.readlines():
+ line = line.strip()
+ if not sysctl_pattern.match(line):
+ sys.exit(f'[!] ERROR: unexpected line in sysctl file: {line}')
+ option, value = line.split('=', 1)
+ option = option.strip()
+ value = value.strip()
+ # sysctl options may be found multiple times, let's save the last value:
+ parsed_options[option] = value
+
+ # let's check the presence of some ancient sysctl option
+ # to ensure that we are parsing the output of `sudo sysctl -a > file`
+ if 'kernel.printk' not in parsed_options:
+ sys.exit(f'[!] ERROR: {fname} doesn\'t look like a sysctl output file, please try `sudo sysctl -a > {fname}`')
+
+ # let's check the presence of a sysctl option available for root
+ if 'net.core.bpf_jit_harden' not in parsed_options:
+ print(f'[!] WARNING: sysctl option "net.core.bpf_jit_harden" available for root is not found in {fname}, please try `sudo sysctl -a > {fname}`')
 def main():
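Review bot: The pattern passed to `re.compile` in `parse_sysctl_file` is an ordinary string literal containing `\.`, which Python flags as an invalid escape sequence (a DeprecationWarning on older interpreters, a SyntaxWarning from 3.12). Make it a raw string and drop the backslash, which a character class does not need: `sysctl_pattern = re.compile(r"[a-zA-Z0-9._-]+ =.*$")`. Because every non-matching line ends the run through `sys.exit`, the character class also decides which hosts can be audited at all. As far as I know, sysctl prints `/` inside key names for interfaces whose name contains a dot (VLAN sub-interfaces, for example), so such a dump would be rejected as "unexpected" unless `/` is added to the class. Separately, the last-value-wins assignment accepts conflicting duplicates silently, so a concatenated or hand-edited dump can make a weak setting look hardened; a warning when a key reappears with a different value would make that visible.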