Git-Mirrors/plague-kernel
1
0
Fork 0
mirror of https://0xacab.org/optout/plague-kernel.git synced 2025-04-20 07:25:57 -04:00
Code Issues Packages Projects Releases Wiki Activity

Documentation updates

Browse Source
This commit is contained in:
optout 2024-02-01 15:12:29 +00:00
parent f9df8767a7
commit b3ab0ddccc
No known key found for this signature in database
GPG Key ID: 13BA4BD4C14170C0
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -11,6 +11,11 @@
### Trimming Efforts
- While linux-hardened security patchsets along with kernel configurations are notable for this kernel project, the purpose was to practice minimalism by reducing the size of the linux kernel, thereby cutting attack surface. This is not a trivial thing to record, therefore we are displaying the size purely as a point of comparison.
|Plague |
|--- | --- |
|Size (/lib/modules/)|47.0 MB |
|Size (vmlinuz)|8.1 MB|
### Current kconfig-hardened-check results
#### Successes
@ -185,6 +190,7 @@ CONFIG_TRIM_UNUSED_KSYMS | y | my |cut_attack_surf
CONFIG_MODULE_FORCE_LOAD | is not set | my |cut_attack_surface| OK
CONFIG_COREDUMP | is not set | clipos | harden_userspace | OK
CONFIG_ARCH_MMAP_RND_BITS | 32 | my | harden_userspace | OK
CONFIG_BINFMT_MISC | is not set | kspp |cut_attack_surface| OK
#### Fails
Option | Desired Value | Source | Reason | Result |
@ -210,7 +216,6 @@ CONFIG_CFI_CLANG | y | kspp | self_protectio
CONFIG_CFI_PERMISSIVE | is not set | kspp | self_protection | FAIL: CONFIG_CFI_CLANG is not "y"
CONFIG_SECURITY_SELINUX_BOOTPARAM | is not set | kspp | security_policy | FAIL: "y"
CONFIG_SECURITY_SELINUX_DEVELOP | is not set | kspp | security_policy | FAIL: "y"
CONFIG_BINFMT_MISC | is not set | kspp |cut_attack_surface| FAIL: "m"
CONFIG_MODULES | is not set | kspp |cut_attack_surface| FAIL: "y"
CONFIG_FAIL_FUTEX | is not set | grsec |cut_attack_surface| OK: is not found
CONFIG_KCMP | is not set | grsec |cut_attack_surface| FAIL: "y"
@ -220,5 +225,5 @@ CONFIG_USER_NS | is not set | clipos |cut_attack_surf
CONFIG_BPF_SYSCALL | is not set | lockdown |cut_attack_surface| FAIL: "y"
```
[+] Config check is finished: 'OK' - 168 / 'FAIL' - 28
[+] Config check is finished: 'OK' - 169 / 'FAIL' - 27