aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHilton Chain <hako@ultrarare.space>2022-11-06 22:52:19 +0800
committerChristopher Baines <mail@cbaines.net>2022-11-07 20:30:29 +0100
commitcad335a32acf8c31b49fe83f1b38b1d1a6da76be (patch)
tree4a03674efa66db50ccf8d24aad0648daa556543b
parent472917ea6c479b3546ffaea02f755ed9c6e8d46b (diff)
downloadguix-cad335a32acf8c31b49fe83f1b38b1d1a6da76be.tar.gz
guix-cad335a32acf8c31b49fe83f1b38b1d1a6da76be.zip
gnu: Add kconfig-hardened-check.
* gnu/packages/linux.scm (kconfig-hardened-check): New variable. Signed-off-by: Christopher Baines <mail@cbaines.net>
-rw-r--r--gnu/packages/linux.scm32
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 43de637a17..d00b683dd9 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ version of the HDAPS driver. The underlying hardware interfaces are
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel. Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+ (license license:gpl3)))