oswatcher icon indicating copy to clipboard operation
oswatcher copied to clipboard

Published 20 hours ago verified publisher icon Wenzel

Extend with kernel-config-checker plugin

Open nettrino opened this issue 6 years ago • 3 comments

It will be nice to pull kernel config options statically as performed by the kernel-config-checker plugin as well as to try and verify several settings dynamically. This is usefule as in come cases, such as in certain cloud deployments some security settings are not enforced regardless of config.

nettrino avatar Jun 10 '19 03:06 nettrino

Looking at kcc, it doesn't have JSON output format, so it woud be difficult to load the data in the security hook, like we do with checksec: https://github.com/Wenzel/oswatcher/blob/master/hooks/security.py#L31

However, kcc is a very small, project, adding support for a docopt command line and JSON output should not be difficult.

What do you think ? Would you rather parse the text output in the OSWatcher hook ?

Wenzel avatar Jun 10 '19 05:06 Wenzel

This is what I had done for the blog post (I can point you to the link internally) - either is fine, we could just put in a PR for json output to be more consistent, parsing is probably faster

nettrino avatar Jun 10 '19 14:06 nettrino

Actually this one is more maintained: https://github.com/a13xp0p0v/kconfig-hardened-check

I opened an issue there https://github.com/a13xp0p0v/kconfig-hardened-check/issues/20

Wenzel avatar Jun 10 '19 15:06 Wenzel