From cad335a32acf8c31b49fe83f1b38b1d1a6da76be Mon Sep 17 00:00:00 2001
From: Hilton Chain
Date: Sun, 6 Nov 2022 22:52:19 +0800
Subject: [PATCH] gnu: Add kconfig-hardened-check.
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
Signed-off-by: Christopher Baines
---
 gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 43de637a17..d00b683dd9 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ version of the HDAPS driver. The underlying hardware interfaces are
 @acronym{SMAPI, System Management Application Program Interface} and direct
 access to the embedded controller.")
 (license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel. Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+ (license license:gpl3)))
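Review bot: The `description` string does not say which kernel releases the rule set in this pinned version covers, so a clean report on a newer kernel's config can be misread as full hardening coverage. Upstream's version numbers appear to follow the kernel release they support (0.5.17 for Linux 5.17), which should be confirmed against the upstream README. If it holds, add a sentence such as `The checks shipped in this release target kernels up to Linux 5.17.` Separately, `@end itemize\n` puts an escaped newline in front of a literal one, while the break before `@itemize` is a plain blank line; using a plain blank line in both places would read more consistently.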