Julien Voisin

Update books with metadata from online sources

4

You [said](https://news.ycombinator.com/item?id=38988559) on hacknews that "When I add books, I need to grab metadata for the book like title, ISBN, etc." It would thus be nice if citadel could do...

Are there any plans to integrate the [pseudo-fuzzer](https://github.com/godotengine/regression-test-project#safe-fuzzer) into OSS-Fuzz (and making it a real fuzzer)?

ntp is leaking a lot of information about the underlying system by default

4

It would be nice if the `ntp` service would refrain from giving its exact version, on what CPU it's running, as all as the operating system and its exact version....

Add a check for BTI and PAC

3

## Issue BTI and PAC (on ARM) aren't detected by checksec.sh ```console $ checksec --file=/bin/ssh RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE Full RELRO Canary...

Add a couple of grsecurity disabled options

1

This is based on a grsecurity 6.6 patch

Add a --autodetect option

1

Instead of having to specify Kconfig file and /proc/cmdline, --autodetect will try to infer them. This is related to #129

Add an add_x86_only_kconfig_checks and an add_arm_only_kconfig_checks function

7

Splitting the checks by arch family makes the code a tad more readable and self-contains, and makes it easier to inspect what checks are architecture-specific, instead of having the read...

Encrypted RAM is a security mechanism, if only against forensic.

Improve --kernel-version and --cmdline

4

```console $ python3 ./bin/kernel-hardening-checker -h usage: kernel-hardening-checker [-h] [--version] [-m {verbose,json,show_ok,show_fail}] [-c CONFIG] [-l CMDLINE] [-s SYSCTL] [-v KERNEL_VERSION] [-p {X86_64,X86_32,ARM64,ARM}] [-g {X86_64,X86_32,ARM64,ARM}] A tool for checking the security hardening...