Closed frakman1 closed 2 months ago
Link no longer appears to be up. I saved a cache for reference:
RDK Linux Hardening specification Created on June 21, 2022
Need to compare these recommendations with the current kernel-hardening-checker
rules.
Gonna do that after preparing the next release of the tool.
I looked through these ideas. Not all of them are about the kernel.
I've added the CONFIG_CRASH_DUMP
check also recommended by ClipOS.
Thanks! Closing the issue.
The RDK Linux Hardening specification lists many flags that are not checked in this tool. The first five I looked for were not there:
CONFIG_DEBUG_KERNEL
CONFIG_MARKERS
CONFIG_DEBUG_MEMLEAK
andCONFIG_ELF_CORE
Perhaps these can be added as part of a new 'RDK security policy' check for the 'decision' column