diff options
author | Hilton Chain <hako@ultrarare.space> | 2022-11-06 22:52:19 +0800 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2022-11-07 20:30:29 +0100 |
commit | cad335a32acf8c31b49fe83f1b38b1d1a6da76be (patch) | |
tree | 4a03674efa66db50ccf8d24aad0648daa556543b | |
parent | 472917ea6c479b3546ffaea02f755ed9c6e8d46b (diff) | |
download | guix-cad335a32acf8c31b49fe83f1b38b1d1a6da76be.tar.gz guix-cad335a32acf8c31b49fe83f1b38b1d1a6da76be.zip |
gnu: Add kconfig-hardened-check.
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
Signed-off-by: Christopher Baines <mail@cbaines.net>
-rw-r--r-- | gnu/packages/linux.scm | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 43de637a17..d00b683dd9 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -9512,3 +9512,35 @@ version of the HDAPS driver. The underlying hardware interfaces are @acronym{SMAPI, System Management Application Program Interface} and direct access to the embedded controller.") (license license:gpl2+))) + +(define-public kconfig-hardened-check + (package + (name "kconfig-hardened-check") + (version "0.5.17") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/a13xp0p0v/kconfig-hardened-check") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a")))) + (build-system python-build-system) + (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check") + (synopsis + "Tool for checking the security hardening options of the Linux kernel") + (description + "@code{kconfig-hardened-check} is a tool for checking the security +hardening options of the Linux kernel. Provided preferences are based on +suggestions from various sources, including: + +@itemize +@item KSPP recommended settings +@item CLIP OS kernel configuration +@item Last public grsecurity patch (options which they disable) +@item SECURITY_LOCKDOWN_LSM patchset +@item Direct feedback from the Linux kernel maintainers +@end itemize\n +This tool supports checking Kconfig options and kernel cmdline parameters.") + (license license:gpl3))) |