Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / a13xp0p0v/kernel-hardening-checker issues and pull requests
#164 - implementation of `arch_mmap_rnd` checks
Pull Request -
State: open - Opened by d1sgr4c3 29 days ago
#163 - Add an --autodetect option
Pull Request -
State: open - Opened by jvoisin about 1 month ago
- 4 comments
Labels: new_feature
#162 - Add PTDUMP_DEBUGFS (arm64)
Pull Request -
State: closed - Opened by citypw about 2 months ago
- 2 comments
#161 - implementation of `detect_arch_sysctl()`
Pull Request -
State: closed - Opened by d1sgr4c3 2 months ago
- 5 comments
#158 - Implement `detect_arch_sysctl()`
Issue -
State: closed - Opened by a13xp0p0v 2 months ago
Labels: new_feature
#157 - implementation of `vm.mmap_min_addr = 65536` sysctl check
Pull Request -
State: closed - Opened by d1sgr4c3 3 months ago
- 8 comments
Labels: new_check
#156 - implementation of `CONFIG_CFI_AUTO_DEFAULT `
Pull Request -
State: closed - Opened by d1sgr4c3 3 months ago
- 3 comments
Labels: new_check
#153 - Implement the `vm.mmap_min_addr = 65536` sysctl check
Issue -
State: closed - Opened by a13xp0p0v 3 months ago
- 1 comment
Labels: good_first_issue, new_check
#146 - Implement the `CONFIG_ARCH_MMAP_RND_COMPAT_BITS` check
Issue -
State: open - Opened by a13xp0p0v 4 months ago
- 6 comments
Labels: good_first_issue, new_check
#130 - Add a --autodetect option
Pull Request -
State: closed - Opened by jvoisin 6 months ago
- 5 comments
Labels: new_feature
#101 - CONFIG_ARCH_MMAP_RND_BITS check is wrong for arm64
Issue -
State: closed - Opened by thestinger 10 months ago
- 3 comments
Labels: question
#101 - CONFIG_ARCH_MMAP_RND_BITS check is wrong for arm64
Issue -
State: closed - Opened by thestinger 10 months ago
- 3 comments
Labels: question
#100 - CONFIG_COMPAT_VDSO has a completely different meaning for arm64 and recommending disabling it doesn't make sense there
Issue -
State: closed - Opened by thestinger 10 months ago
- 3 comments
Labels: question
#100 - CONFIG_COMPAT_VDSO has a completely different meaning for arm64 and recommending disabling it doesn't make sense there
Issue -
State: closed - Opened by thestinger 10 months ago
- 3 comments
Labels: question
#99 - skip CONFIG_DEBUG_NOTIFIERS requirement when CONFIG_CFI_CLANG is set with CONFIG_CFI_PERMISSIVE disabled
Issue -
State: closed - Opened by thestinger 10 months ago
- 4 comments
Labels: new_feature
#99 - skip CONFIG_DEBUG_NOTIFIERS requirement when CONFIG_CFI_CLANG is set with CONFIG_CFI_PERMISSIVE disabled
Issue -
State: closed - Opened by thestinger 10 months ago
- 4 comments
Labels: new_feature
#98 - skip CONFIG_SCHED_STACK_END_CHECK requirement when CONFIG_VMAP_STACK is set
Issue -
State: closed - Opened by thestinger 10 months ago
- 2 comments
Labels: new_feature
#98 - skip CONFIG_SCHED_STACK_END_CHECK requirement when CONFIG_VMAP_STACK is set
Issue -
State: closed - Opened by thestinger 10 months ago
- 2 comments
Labels: new_feature
#97 - Get rid of CONFIG_DEBUG_CREDENTIALS
Issue -
State: closed - Opened by Sporif 11 months ago
- 3 comments
Labels: new_feature
#97 - Get rid of CONFIG_DEBUG_CREDENTIALS
Issue -
State: closed - Opened by Sporif 11 months ago
- 3 comments
Labels: new_feature
#96 - new tag?
Issue -
State: closed - Opened by asarubbo 11 months ago
- 2 comments
Labels: question
#96 - new tag?
Issue -
State: closed - Opened by asarubbo 11 months ago
- 2 comments
Labels: question
#95 - Check for module force loading?
Issue -
State: closed - Opened by vobst 11 months ago
- 1 comment
Labels: new_feature
#95 - Check for module force loading?
Issue -
State: closed - Opened by vobst 11 months ago
- 1 comment
Labels: new_feature
#94 - add --kernel-version option
Pull Request -
State: closed - Opened by ffontaine 12 months ago
- 1 comment
#94 - add --kernel-version option
Pull Request -
State: closed - Opened by ffontaine 12 months ago
- 1 comment
#93 - added wsl config
Pull Request -
State: closed - Opened by mrkoykang 12 months ago
- 2 comments
Labels: new_feature
#93 - added wsl config
Pull Request -
State: closed - Opened by mrkoykang 12 months ago
- 2 comments
Labels: new_feature
#92 - new make hardening.config available
Issue -
State: closed - Opened by osevan about 1 year ago
- 4 comments
Labels: new_feature
#92 - new make hardening.config available
Issue -
State: closed - Opened by osevan about 1 year ago
- 4 comments
Labels: new_feature
#91 - Modify requirements for Android configs
Pull Request -
State: closed - Opened by petervanvugt about 1 year ago
- 2 comments
#91 - Modify requirements for Android configs
Pull Request -
State: closed - Opened by petervanvugt about 1 year ago
- 2 comments
#90 - Use /usr/bin/env in shebangs
Pull Request -
State: closed - Opened by SuperSandro2000 about 1 year ago
- 1 comment
#90 - Use /usr/bin/env in shebangs
Pull Request -
State: closed - Opened by SuperSandro2000 about 1 year ago
- 1 comment
#89 - Fix a false positive in REFCOUNT_FULL in recent 5.4.x
Pull Request -
State: closed - Opened by hlein about 1 year ago
- 3 comments
#88 - False positive on CONFIG_REFCOUNT_FULL in recent 5.4.x kernels
Issue -
State: closed - Opened by hlein about 1 year ago
- 3 comments
#87 - Add a check for IA32_EMULATION
Issue -
State: closed - Opened by jvoisin about 1 year ago
- 5 comments
Labels: new_feature
#86 - Add colors to output
Pull Request -
State: closed - Opened by frakman1 about 1 year ago
- 7 comments
#85 - Rename kconfig-hardened-check into kernel-hardening-checker
Pull Request -
State: closed - Opened by a13xp0p0v about 1 year ago
- 1 comment
#84 - Add RDK Linux Hardening specification flags
Issue -
State: closed - Opened by frakman1 about 1 year ago
- 3 comments
Labels: question
#83 - Enhancement add kmalloc hardening
Issue -
State: closed - Opened by osevan about 1 year ago
- 2 comments
Labels: new_feature
#82 - Consider removing/not recommending CONFIG_ZERO_CALL_USED_REGS
Issue -
State: closed - Opened by jvoisin over 1 year ago
- 1 comment
Labels: question
#81 - Color indicators for "check result" column
Issue -
State: closed - Opened by harisphnx over 1 year ago
- 15 comments
Labels: new_feature
#80 - Added support for gzipped config (eg. /proc/config.gz)
Pull Request -
State: closed - Opened by nE0sIghT over 1 year ago
- 2 comments
#79 - Create unit-tests for the engine checking the correctness
Issue -
State: closed - Opened by a13xp0p0v over 1 year ago
- 1 comment
Labels: new_feature
#78 - Fix nixos integration
Pull Request -
State: closed - Opened by Mic92 almost 2 years ago
- 2 comments
#77 - add get-nixos-kconfig nix script
Pull Request -
State: closed - Opened by o8opi almost 2 years ago
- 2 comments
#76 - iommu=force
Issue -
State: closed - Opened by d4rklynk almost 2 years ago
- 1 comment
#75 - Integrity Measurement Architecture
Issue -
State: closed - Opened by JohnVengert almost 2 years ago
- 1 comment
Labels: question
#74 - Add disabling compatibility mode.
Pull Request -
State: closed - Opened by Manouchehri about 2 years ago
- 4 comments
#73 - ERORR?
Issue -
State: closed - Opened by alpahca about 2 years ago
- 3 comments
#71 - Config change in 5.19.X
Issue -
State: closed - Opened by Churam about 2 years ago
- 3 comments
#70 - COPR repo with built kernel with suggested recommendations
Issue -
State: closed - Opened by krishjainx over 2 years ago
- 6 comments
#69 - Create documentation describing Linux kernel security options
Issue -
State: open - Opened by a13xp0p0v over 2 years ago
- 7 comments
Labels: new_feature
#68 - Create a tool reporting mainline kernel versions that support a recommended option
Issue -
State: closed - Opened by a13xp0p0v over 2 years ago
- 1 comment
Labels: new_feature
#67 - Create a tool that changes kconfig options according to the recommendations
Issue -
State: closed - Opened by a13xp0p0v over 2 years ago
- 3 comments
Labels: new_feature
#66 - Evaluate performance penalty of the recommended kernel options
Issue -
State: open - Opened by a13xp0p0v over 2 years ago
- 2 comments
Labels: new_feature
#65 - Support checking sysctl security options
Issue -
State: closed - Opened by a13xp0p0v over 2 years ago
- 1 comment
Labels: new_feature
#64 - script fetch configs from different kernel images for current architecture
Pull Request -
State: closed - Opened by o8opi over 2 years ago
- 6 comments
#63 - Fix getting Nix kconfig (contrib)
Issue -
State: closed - Opened by a13xp0p0v over 2 years ago
- 6 comments
Labels: bug
#62 - Add BLK_DEV_FD_RAWCMD
Pull Request -
State: closed - Opened by evdenis over 2 years ago
- 2 comments
Labels: kernel_maintainer_recommendation
#61 - Let user select configs without absolute path
Issue -
State: closed - Opened by dmknght over 2 years ago
- 5 comments
#60 - UBSAN_SANITIZE_ALL not available on ARM
Pull Request -
State: closed - Opened by cyanidium over 2 years ago
- 2 comments
#59 - EFI mitigations can't be enabled if EFI is not set
Pull Request -
State: closed - Opened by cyanidium over 2 years ago
#58 - CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync
Issue -
State: closed - Opened by Churam almost 3 years ago
- 2 comments
#57 - CONFIG_AMD_IOMMU_V2 = m appears also to be correct
Issue -
State: closed - Opened by brandonweeks almost 3 years ago
- 2 comments
Labels: question
#56 - Add RISC-V support
Issue -
State: open - Opened by a13xp0p0v almost 3 years ago
- 1 comment
Labels: new_feature
#55 - Should slub_debug be considered a hardening cmd line parameter?
Issue -
State: closed - Opened by morfikov about 3 years ago
- 1 comment
Labels: question
#54 - Add BLK_DEV_FD
Pull Request -
State: closed - Opened by evdenis about 3 years ago
- 2 comments
Labels: kernel_maintainer_recommendation
#53 - Justification of UBSAN-related choices?
Issue -
State: closed - Opened by equaeghe about 3 years ago
- 5 comments
Labels: kernel_maintainer_recommendation
#52 - Add RANDOMIZE_KSTACK_OFFSET_DEFAULT
Pull Request -
State: closed - Opened by anthraxx about 3 years ago
- 4 comments
#51 - Added cbl-mariner kernel configuration file.
Pull Request -
State: closed - Opened by Hacks4Snacks about 3 years ago
- 4 comments
#50 - Allow redefining rules and expanding rule sets
Issue -
State: open - Opened by petervanvugt over 3 years ago
- 5 comments
Labels: new_feature
#49 - Some checks seem to be at odds with what the recommended settings are
Issue -
State: closed - Opened by wdormann over 3 years ago
- 2 comments
#48 - Do not check CONFIG_HARDEN_EL2_VECTORS for v5.9+
Pull Request -
State: closed - Opened by pgils about 4 years ago
- 4 comments
#47 - Please support /proc/config.gz
Issue -
State: closed - Opened by morfikov about 4 years ago
- 3 comments
#46 - CPU specific options and the kernel cmd line
Issue -
State: closed - Opened by morfikov about 4 years ago
- 6 comments
Labels: new_feature
#45 - Request for command line options to display only OK/FAIL items
Issue -
State: closed - Opened by fonic over 4 years ago
- 2 comments
#44 - KSPP future in defconf linux distribution.
Issue -
State: closed - Opened by bryn1u over 4 years ago
- 4 comments
#43 - Upgrading to Ubuntu 20.04 kernel config
Pull Request -
State: closed - Opened by theLOICofFRANCE over 4 years ago
- 1 comment
#42 - add tests
Pull Request -
State: closed - Opened by shamilbi over 4 years ago
- 4 comments
#41 - Add CONFIG_INPUT_EVBUG
Pull Request -
State: closed - Opened by theLOICofFRANCE over 4 years ago
- 1 comment
#40 - pylint some code
Pull Request -
State: closed - Opened by shamilbi over 4 years ago
- 1 comment
#39 - VerCheck: work with 3-digit kernel versions
Pull Request -
State: closed - Opened by shamilbi over 4 years ago
- 4 comments
#38 - graphics related options
Issue -
State: closed - Opened by danvet over 4 years ago
- 9 comments
Labels: kernel_maintainer_recommendation
#37 - conflict with the latest grsecurity
Issue -
State: closed - Opened by pythonmandev over 4 years ago
- 2 comments
#36 - null
Issue -
State: closed - Opened by ghost over 4 years ago
#35 - can't add version check for constraints in a logical product
Issue -
State: closed - Opened by tych0 over 4 years ago
- 6 comments
#34 - GrapheneOS is the continuation of CopperheadOS
Pull Request -
State: closed - Opened by madaidan over 4 years ago
#33 - CONFIG_STATIC_USERMODEHELPER
Issue -
State: closed - Opened by anthonyryan1 over 4 years ago
- 2 comments
#32 - Fix LDISC_AUTOLOAD check
Pull Request -
State: closed - Opened by madaidan over 4 years ago
- 4 comments
#31 - Update config files
Pull Request -
State: closed - Opened by theLOICofFRANCE over 4 years ago
- 3 comments
#30 - Has CONFIG_REFCOUNT_FULL and VMAP_STACK been removed from Kernel-5.5 ?
Issue -
State: closed - Opened by bryn1u almost 5 years ago
- 8 comments
#29 - Recommend PANIC_ON_OOPS
Pull Request -
State: closed - Opened by madaidan almost 5 years ago
- 6 comments
#28 - Don't give errors about CONFIG_PAGE_POISONING when using an alternative
Issue -
State: closed - Opened by madaidan almost 5 years ago
- 5 comments
#27 - add nix build files
Pull Request -
State: closed - Opened by Mic92 almost 5 years ago
- 17 comments
#26 - enable distribution via pip/setuptools
Pull Request -
State: closed - Opened by Mic92 almost 5 years ago
- 2 comments
#25 - Hardened Kernel Config File for Virtual Machines (VMs) ("cloud kernel")
Issue -
State: closed - Opened by adrelanos almost 5 years ago
- 6 comments
#24 - Create debian-buster.config
Pull Request -
State: closed - Opened by alexandernst about 5 years ago
- 7 comments
#23 - LOCK_DOWN_KERNEL
Issue -
State: closed - Opened by rubeecube over 5 years ago
- 5 comments