Kernel config checker, mainly used for compliance checks

  • By TimothΓ©e Ravier
  • Last update: Nov 25, 2022
  • Comments: 0

Kernel config checker

Checks that options in a given kernel config match a list of expected values. This is usefull to check for compliance, for example with the ANSSI-BP-028 v2.0 profile.

See also the OpenSCAP profiles for the rest of the system configuration.

How to

  1. Download a kernel config:
# Example from:
# CentOS Stream:
# Fedora:
$ curl -O
$ curl -O
$ curl -O
$ curl -O
  1. Match them with a config profile:
$ go run main.go \
    -config examples/c9s/kernel-x86_64-rhel.config,examples/c9s/kernel-aarch64-rhel.config \
    -profile profiles/ANSSI-BP-028 \
    > results.csv

Interpreting results

Note that it's extremely unlikely that you will have all config options set as recommended as some options are so strict that they are impractical in most cases (see CONFIG_MODULES is not set for example).