Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore kernel.modules_disabled if CONFIG_MODULES is not set #174

Open
jo-so opened this issue Jan 10, 2025 · 1 comment
Open

Ignore kernel.modules_disabled if CONFIG_MODULES is not set #174

jo-so opened this issue Jan 10, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@jo-so
Copy link

jo-so commented Jan 10, 2025

We are using no modules for our kernel (CONFIG_MODULES=n) which removes /proc/sys/kernel/modules_disabled. This makes this check fail:

+kernel.modules_disabled                 |sysctl |     1      |   kspp   |cut_attack_surface| FAIL: is not found

We are using version f4dbe25.
@a13xp0p0v
Copy link
Owner

Hello @jo-so,

It looks like v0.6.10 contains the commit 7a85a7f, which solves your issue.

But it can work only if you check sysctl together with kconfig. Without the kconfig file, kernel-hardening-checker can't know that your kernel has disabled CONFIG_MODULES.

Could you please try the tool both with -c and -s?

I guess in this case there is no false check.

@a13xp0p0v a13xp0p0v added the bug Something isn't working label Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@a13xp0p0v @jo-so