projects / kconfig-hardened-check.git / history
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
Improve the table header
[kconfig-hardened-check.git] / kconfig-hardened-check.py
2020-03-06 Alexander PopovImprove the table header blob | commitdiff | raw
2020-03-06 Alexander PopovDrop unused OptCheck printing blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovUpdate 'decision' for new KSPP recommendations blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovLDISC_AUTOLOAD can be disabled since v5.1 blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovREFCOUNT_FULL is enabled by default since v5.5 blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovAdd kernel version checks for complex checks with logic... blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovAdd kernel version detection blob | commitdiff | raw | diff to current
2020-03-05 Alexander PopovSimplify perform_checks() blob | commitdiff | raw | diff to current
2020-03-04 Alexander PopovSTACKPROTECTOR_PER_TASK is now default for ARM blob | commitdiff | raw | diff to current
2020-03-04 Alexander PopovSECURITY_WRITABLE_HOOKS is not disabled by default blob | commitdiff | raw | diff to current
2020-03-04 Alexander PopovInclude GCC_PLUGINS to defconfig blob | commitdiff | raw | diff to current
2020-01-14 Alexander PopovFix INIT_ON_FREE_DEFAULT_ON vs PAGE_POISONING issue #28 blob | commitdiff | raw | diff to current
2020-01-11 Alexander PopovRecommend disabling VIDEO_VIVID blob | commitdiff | raw | diff to current
2020-01-10 Alexander PopovTake some ideas from NixOS/nixpkgs hardened kernel... blob | commitdiff | raw | diff to current
2019-12-02 Alexander PopovPretty printing blob | commitdiff | raw | diff to current
2019-11-29 Alexander PopovRANDOMIZE_BASE is now enabled by default on arm64 blob | commitdiff | raw | diff to current
2019-11-28 Alexander Popovx86_32: INTEL_IOMMU is not enabled by default - fix... blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovX86_INTEL_UMIP is now X86_UMIP blob | commitdiff | raw | diff to current
2019-11-28 Alexander Popovx86_64: more hardening options are enabled by default... blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovImprove the list of the kernel parameters in TODO blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovUpdate the column width blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovSome of my recommendations are used by CLIP OS, change... blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovDon't recommend disabling IKCONFIG anymore blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovSave more hardening sysctls for TODO blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovGroup security policies together blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovAdd INIT_ON_ALLOC_DEFAULT_ON and INIT_ON_FREE_DEFAULT_O... blob | commitdiff | raw | diff to current
2019-11-28 Alexander PopovAdd RODATA_FULL_DEFAULT_ENABLED for ARM64 blob | commitdiff | raw | diff to current
2019-08-23 Alexander PopovAdd HARDEN_BRANCH_PREDICTOR and HARDEN_EL2_VECTORS blob | commitdiff | raw | diff to current
2019-08-23 Alexander PopovBring more order to the offsets (style fix) blob | commitdiff | raw | diff to current
2019-08-22 Alexander PopovAdd INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRU... blob | commitdiff | raw | diff to current
2019-08-22 Alexander PopovAdd SHUFFLE_PAGE_ALLOCATOR from v5.2 blob | commitdiff | raw | diff to current
2019-08-22 Alexander PopovAdd some new sysctls (to remember them) blob | commitdiff | raw | diff to current
2019-07-08 Alexander PopovMerge pull request #22 from adrianopol/master blob | commitdiff | raw | diff to current
2019-07-07 Andrew Petelin#20 fix: use right quotes in json output 22/head blob | commitdiff | raw | diff to current
2019-06-24 Alexander PopovDo code refactoring without changing the functionality blob | commitdiff | raw | diff to current
2019-06-24 Alexander PopovMerge branch 'json-support' blob | commitdiff | raw | diff to current
2019-06-24 Alexander Popovjson: Fix minor things and update the README blob | commitdiff | raw | diff to current
2019-06-24 Andrew Petelinadd --json option 21/head blob | commitdiff | raw | diff to current
2019-06-04 Alexander PopovDrop CONFIG_X86_MSR from the recommendations blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd the LDISC_AUTOLOAD check blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAttribute some of my recommendations to CLIP OS - part II blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAttribute some of my recommendations to CLIP OS blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd my recommendations for AMD (similar to CLIP OS... blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd X86-specific CLIP OS recommendations for kernel... blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd arch-independent CLIP OS recommendations for kernel... blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd more details about STACKLEAK blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovDon't recommend any particular LSM to avoid the holy war blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovAdd CLIP OS recommendations for cutting attack surface blob | commitdiff | raw | diff to current
2019-06-03 Alexander PopovImprove printing of the results blob | commitdiff | raw | diff to current
2019-05-27 Alexander PopovAdd more kernel command line parameters to comments blob | commitdiff | raw | diff to current
2019-03-13 Alexander PopovAdd the comment about kptr_restrict blob | commitdiff | raw | diff to current
2019-03-13 Alexander PopovAdd ARM64_PTR_AUTH check blob | commitdiff | raw | diff to current
2019-03-13 Alexander PopovAdd STACKPROTECTOR_PER_TASK check for ARM blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovDon't hide AND check results if the requirements are... blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovImprove the final result output blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovUse the AND check for HARDENED_USERCOPY_FALLBACK blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovUse the AND check for PAGE_POISONING_NO_SANITY and... blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovImplement AND ComplexOptCheck blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovAdd a sanity check and do minor refactoring blob | commitdiff | raw | diff to current
2019-03-12 Alexander PopovIntroduce the ComplexOptCheck superclass blob | commitdiff | raw | diff to current
2019-03-11 Alexander PopovAdd explicit checks for CONFIG_MODULES and CONFIG_DEVMEM blob | commitdiff | raw | diff to current
2019-03-11 Alexander PopovAdd missing OR use case blob | commitdiff | raw | diff to current
2019-03-11 Alexander PopovImprove the output of OR checks blob | commitdiff | raw | diff to current
2019-03-04 Alexander PopovAdd the RESET_ATTACK_MITIGATION check according to... blob | commitdiff | raw | diff to current
2019-03-04 Alexander PopovFix false positive about CONFIG_MODULE_SIG_FORCE. blob | commitdiff | raw | diff to current
2019-01-24 Alexander PopovUpdate the README and comments after adding ARM support blob | commitdiff | raw | diff to current
2019-01-24 Alexander PopovAdd ARM support blob | commitdiff | raw | diff to current
2019-01-23 Alexander PopovGo through all the checks in debug mode blob | commitdiff | raw | diff to current
2019-01-23 Alexander PopovAdd ARM64 support blob | commitdiff | raw | diff to current
2019-01-22 Alexander PopovAdd X86_32 support blob | commitdiff | raw | diff to current
2019-01-21 Alexander PopovMake the script aware of target architecture blob | commitdiff | raw | diff to current
2019-01-14 Alexander PopovMerge branch 'decision-cleanup' blob | commitdiff | raw | diff to current
2019-01-14 Alexander PopovChange the last 'ubuntu18' checks (about lockdown) blob | commitdiff | raw | diff to current
2019-01-14 Alexander PopovChange 'decision' to 'grsecurity' for their additional... blob | commitdiff | raw | diff to current
2019-01-14 Alexander PopovChange 'decision' to 'kspp' for non-default options... blob | commitdiff | raw | diff to current
2019-01-14 Alexander PopovChange 'decision' to 'defconfig' for hardening features... blob | commitdiff | raw | diff to current
2018-12-21 Alexander PopovAdd kernel command line options enabling mitigations... blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovAdd TODO (hardening preferences for ARM) and update... blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovCheck x86 hardening features: X86_SMAP and X86_INTEL_UMIP blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovAdd SECURITY_LOADPIN check blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovAdd SLAB_MERGE_DEFAULT check blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovMention net.core.bpf_jit_harden blob | commitdiff | raw | diff to current
2018-12-12 Alexander PopovRecommend slub_debug=FZP blob | commitdiff | raw | diff to current
2018-12-07 Alexander PopovMark options connected with CONFIG_LOCK_DOWN_KERNEL... blob | commitdiff | raw | diff to current
2018-12-07 Alexander PopovAdd CONFIG_LOCK_DOWN_KERNEL blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovMinor fixes for the script output blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovMerge branch 'from-iad42-1' blob | commitdiff | raw | diff to current
2018-07-30 Anatoly Ivanovget_option_state function now looks a lot prettier... blob | commitdiff | raw | diff to current
2018-07-30 Anatoly IvanovMade long lines in major output shorter blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovAdd DEBUG_RODATA as old alternative to STRICT_KERNEL_RWX blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovAlign lines better blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovAdd DEBUG_SET_MODULE_RONX as old alternative to STRICT_... blob | commitdiff | raw | diff to current
2018-07-30 Alexander PopovUpdate the function names according to the new meaning blob | commitdiff | raw | diff to current
2018-07-27 Alexander PopovComment out LKDTM blob | commitdiff | raw | diff to current
2018-07-25 Alexander PopovAvoid false positive errors if CONFIG_MODULES is not set blob | commitdiff | raw | diff to current
2018-07-25 Alexander PopovSupport both versions of the STACKPROTECTOR_STRONG... blob | commitdiff | raw | diff to current
2018-07-24 Alexander PopovMerge branch 'OR-from-anthraxx' blob | commitdiff | raw | diff to current
2018-07-24 Alexander PopovImprove the OR result calculation blob | commitdiff | raw | diff to current
2018-07-24 Alexander PopovAdjust the output format blob | commitdiff | raw | diff to current
2018-07-24 anthraxxsupport DEVMEM not set when considering STRICT_DEVMEM... blob | commitdiff | raw | diff to current
next
kconfig-hardened-check