a13xp0p0v / kernel-hardening-checker

A tool for checking the security hardening options of the Linux kernel
GNU General Public License v3.0

Add Google's kernelctf attack surface reduction #137

Open jvoisin opened 4 months ago

a13xp0p0v commented 3 months ago

Hi @jvoisin,

Thanks for the idea!

Does disabling CONFIG_NF_TABLES break anything vital for general-purpose GNU/Linux distros?

jvoisin commented 3 months ago

If they're using nftables, yes :o) Otherwise, if the old iptables interface is used, nothing should break, no.

a13xp0p0v commented 3 months ago

Ok, let's save it as an idea for the future.

I have an idea: to add a column |with care| for dangerous options that may break something or introduce a significant performance impact.