From d6caae5328a051d33e43ffec040cae03d8f6a07f Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 12 Jun 2023 14:37:42 +0300 Subject: [PATCH] Improve the comments and README --- README.md | 15 +++++++-------- kconfig_hardened_check/__init__.py | 12 +++++------- kconfig_hardened_check/checks.py | 4 +--- kconfig_hardened_check/engine.py | 4 +--- kconfig_hardened_check/test_engine.py | 4 +--- 5 files changed, 15 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 0fd80e9..e00cb0a 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ make our systems more secure. But nobody likes checking configs manually. So let the computers do their job! -__kconfig-hardened-check__ helps me to check the Linux kernel options -against my security hardening preferences, which are based on the +__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel. +The recommendations are based on - [KSPP recommended settings][1] - [CLIP OS kernel configuration][2] @@ -63,8 +63,8 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package. ## Usage ``` -usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] - [-l CMDLINE] [-m {verbose,json,show_ok,show_fail}] +usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE] + [-m {verbose,json,show_ok,show_fail}] A tool for checking the security hardening options of the Linux kernel @@ -72,12 +72,11 @@ options: -h, --help show this help message and exit --version show program's version number and exit -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM} - print security hardening preferences for the selected architecture + print security hardening options for the selected architecture -c CONFIG, --config CONFIG - check the kernel kconfig file against these preferences (also supports - *.gz files) + check security hardening options in the kernel kconfig file (also supports *.gz files) -l CMDLINE, --cmdline CMDLINE - check the kernel cmdline file against these preferences + check security hardening options in the kernel cmdline file -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail} choose the report mode ``` diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index cdb0828..086e21e 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov @@ -211,11 +209,11 @@ def main(): description='A tool for checking the security hardening options of the Linux kernel') parser.add_argument('--version', action='version', version='%(prog)s ' + __version__) parser.add_argument('-p', '--print', choices=supported_archs, - help='print security hardening preferences for the selected architecture') + help='print security hardening options for the selected architecture') parser.add_argument('-c', '--config', - help='check the kernel kconfig file against these preferences (also supports *.gz files)') + help='check security hardening options in the kernel kconfig file (also supports *.gz files)') parser.add_argument('-l', '--cmdline', - help='check the kernel cmdline file against these preferences') + help='check security hardening options in the kernel cmdline file') parser.add_argument('-m', '--mode', choices=report_modes, help='choose the report mode') args = parser.parse_args() @@ -306,7 +304,7 @@ def main(): add_kconfig_checks(config_checklist, arch) add_cmdline_checks(config_checklist, arch) if mode != 'json': - print(f'[+] Printing kernel security hardening preferences for {arch}...') + print(f'[+] Printing kernel security hardening options for {arch}...') print_checklist(mode, config_checklist, False) sys.exit(0) diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py index 87e45c9..46922a2 100644 --- a/kconfig_hardened_check/checks.py +++ b/kconfig_hardened_check/checks.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov diff --git a/kconfig_hardened_check/engine.py b/kconfig_hardened_check/engine.py index 6791285..e914044 100644 --- a/kconfig_hardened_check/engine.py +++ b/kconfig_hardened_check/engine.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov diff --git a/kconfig_hardened_check/test_engine.py b/kconfig_hardened_check/test_engine.py index 8ef0fa3..433e584 100644 --- a/kconfig_hardened_check/test_engine.py +++ b/kconfig_hardened_check/test_engine.py @@ -1,9 +1,7 @@ #!/usr/bin/python3 """ -This tool helps me to check Linux kernel options against -my security hardening preferences for X86_64, ARM64, X86_32, and ARM. -Let the computers do their job! +This tool is for checking the security hardening options of the Linux kernel. Author: Alexander Popov -- 2.31.1