kernel-hardening-checker
checksec.sh
kernel-hardening-checker | checksec.sh | |
---|---|---|
8 | 3 | |
1,500 | 1,939 | |
- | - | |
9.2 | 6.7 | |
8 days ago | 9 days ago | |
Python | Roff | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kernel-hardening-checker
- Has anyone run into any issues using kernel-hardening-checker on Fedora?
- Linux Kernel Hardening Checker
- A tool for checking the security hardening options of the Linux kernel
- kconfig-hardened-check - A tool for checking the security hardening options of the Linux kernel
-
Ask HN: What Linux setup/hardening guide do you use?
https://github.com/a13xp0p0v/kconfig-hardened-check and also spot check with http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Pro...
Then can also see if the distro is doing things to harden the binaries (relro, nx, canaries, aslr, pie, etc) ; https://www.trapkit.de/tools/checksec/
- a13xp0p0v/kconfig-hardened-check: A tool for checking the security hardening options of the Linux kernel
-
Which kernel package do you use? Explain in the comments, why.
I want to point out I like this script to run some additional security confirmation checks on the kernel (pretty advanced, you need to know what stuff is, your brain needs to be on) https://github.com/a13xp0p0v/kconfig-hardened-check/
checksec.sh
-
Need Help with Int3 Breakpoint - Segmentation Fault Error and Python 2 to Python 3 Conversion
probably non executable stack. can you run https://github.com/slimm609/checksec.sh on the binary?
-
Hardening ELF Binaries Using Relocation Read-Only (Relro)
Also, one can use checksec to confirm that the protections are actually in place. https://github.com/slimm609/checksec.sh
I happened to be looking at this for Go binaries last night and it seems that -buildmode=pie gets you part of the way there. Was trying to see if full relro was possible with CGO_ENABLED=0 but it seems only partial was achievable in the few hours I spent.
-
Which kernel package do you use? Explain in the comments, why.
I also want to point out the checksec script for your confirming security on your userspace binaries - https://github.com/slimm609/checksec.sh (look for violations marked in red)
What are some alternatives?
linux-hardened - Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
provision - Script to setup a new server.
droid-native - Next Generation Android x86 Desktop - Anbox, Lineage, WayDroid, BlissOS, Dock-Droid
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
How-To-Secure-A-Linux-Serve