1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Re: Bug#1108225: RFS: kernel-hardening-checker/0.6.10.1-1 [ITP] -- Tool

    From Salvo Tomaselli@21:1/5 to All on Tue Jul 8 19:52:51 2025
    XPost: linux.debian.devel.mentors
    Copy: [email protected] (Kirill Rekhov)
    Copy: [email protected]

    Hello,

    thanks for packaging this.

    I was going to upload but when trying it I couldn't really get it to work:

    $ kernel-hardening-checker --mode verbose -a
    [+] Special report mode: verbose
    [+] Going to autodetect and check the security hardening options of the
    running kernel
    [-] ERROR: parsing /proc/version failed: failed to parse the version "6.12.35+deb13-amd64"

    Is this normal?

    Am I doing something wrong?

    Perhaps you want to add some examples of usage in the manpage before we upload it?

    --
    Salvo Tomaselli

    "Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
    -- Galileo Galilei

    https://ltworf.codeberg.page/
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEQnSLnnbYmXmeH74Us6fPDIAYhs8FAmhtWvMACgkQs6fPDIAY hs/CWg//RaIrhmpdh9BoJGYrYvhpUmXqSRp0i6P7BIKKNsLiu/0KVK4WfPXzKD2g UAXac0HpRRkLFkJwoCLqKHXl+H3rSwcKALk2fcmtJPiu9Lhy/o5crltlNXA1BuJA LUFJRIHopQ+KEUi9thgOyMhDkitMkpmBOsmU6d6MK7v1FSxKRIg7nuOngLBqDE+n YX7k2LB+V8hy8SPGokTqfZA7OPOAFwpmAswrGO7mVWbul012o7NBhdpJEnpEHNct GoUXcEGv6jjJwzEUMZYOyNZ3XCR7QCvmDewdiSem2IDFlbd09Qac6PmGhDl1WEhf qjyZFyaceor0G4+KgoPPqmkMHZkYocYhYnIMxS09zjARgrmxDYShOUvGsi7JZNCw 0LX3UCYeImDVdXk1eVNJQfG489ARwndUws4OryMbEzc6AOXDRSi4syvg2VIaR81V SFpxRITi3Llq7f3LJ04SQsRiWsJnOaRskbBYRtcc5LfXhQQwhiJpIAlgEPsJAb8H tXv4C1w9n7hwqq4lFaKTjWS9KTfe2JE0IvxMHmZcjQVLR1snn1R1fdsLKARfZU++ ubQM1hQYFjzBk2l+XfqJi3gFSDXzZ95EK07ugugiobT4CrRP5q4KJ+oRVxZUCXS9 xrTVszSgSuKnNhf1nrpb/QJHiRK4IBWBY5tHFY7/Wybm0TmXOGc=
    =HKJz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvo Tomaselli@21:1/5 to Kirill Rekhov on Wed Jul 9 18:05:00 2025
    XPost: linux.debian.devel.mentors
    Copy: [email protected]
    Copy: [email protected]

    Hello,

    well I have a completely default debian installed kernel so if it fails with debian kernels perhaps it needs some more work before being in debian?

    You could try with a sid vm in qemu maybe…

    In data mercoledì 9 luglio 2025 16:12:55 Ora legale dell’Europa centrale, Kirill Rekhov ha scritto:
    Hi, Salvo

    Yes, we added man with upstream author, in version 0.6.10.2-1 you can do:
    $ man kernel-hardening-checker

    Am I doing something wrong?

    you are doing everything right, this command works for me:
    $ sudo kernel-hardening-checker --mode verbose -a
    [+] Special report mode: verbose
    [+] Going to autodetect and check the security hardening options of the running kernel
    [+] Detected version of the running kernel: (6, 1, 0)
    [+] Detected kconfig file of the running kernel: /boot/config-6.1.0-32-amd64 [+] Detected cmdline parameters of the running kernel: /proc/cmdline [+] Saved sysctls to a temporary file /tmp/sysctl-pyrxvnl5
    [+] Detected architecture: X86_64
    [+] Detected compiler: GCC 120200
    [?] No check for kconfig option CONFIG_CC_VERSION_TEXT ("gcc-12 (Debian 12.2.0-14) 12.2.0")
    [?] No check for kconfig option CONFIG_GCC_VERSION (120200)
    [?] No check for kconfig option CONFIG_CLANG_VERSION (0)
    [?] No check for kconfig option CONFIG_AS_IS_GNU (y)
    [?] No check for kconfig option CONFIG_AS_VERSION (24000)
    [?] No check for kconfig option CONFIG_LD_IS_BFD (y)
    ...

    but for some reason it doesn't work for you and I don't know why, you can refer
    to https://github.com/a13xp0p0v/kernel-hardening-checker/issues

    ---
    Regards, Kirill Rekhov

    GPG Fingerprint:
    2640 769D FDA1 AAA0 F863 D1AE 5F2C 5905 519C E0A0

    вт, 8 июл. 2025 г. в 20:52, Salvo Tomaselli <[email protected]>:
    Hello,

    thanks for packaging this.

    I was going to upload but when trying it I couldn't really get it to work:

    $ kernel-hardening-checker --mode verbose -a
    [+] Special report mode: verbose
    [+] Going to autodetect and check the security hardening options of the running kernel
    [-] ERROR: parsing /proc/version failed: failed to parse the version "6.12.35+deb13-amd64"

    Is this normal?

    Am I doing something wrong?

    Perhaps you want to add some examples of usage in the manpage before we upload
    it?

    --
    Salvo Tomaselli

    "Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."

    -- Galileo Galilei

    https://ltworf.codeberg.page/


    --
    Salvo Tomaselli

    "Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
    -- Galileo Galilei

    https://ltworf.codeberg.page/
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEQnSLnnbYmXmeH74Us6fPDIAYhs8FAmhukywACgkQs6fPDIAY hs++ghAAhiK5HVulXPrdBCy6bc+6kC1mnMw4OjiM3PD6810kpak6t3EqnqD9rL7n TJicYhHyxCRrD4n9rmZgw+zC++jg21o3BC+FpHYB5Sp8cE+rQsIj2vd4SmUuxl1m 8F5K/BP/CbgE+iO9XWM/2ojykrSdpNKGTNh3tBm9Z9FjxYpBYAYqIwkSed9lS6X+ GQUJBL6/Rg7jKuToL3g7TktxrqbAjO7Vm4k7YJI5BF2W3Gdd2bbqt9ij1qZBswhb XoD4w/BMkh/Df1HmSyahqk3VsQzAAv+2EaiWYd6BplZo+v9gzi2sIbmp9IZQX3RO UgNUzk8vYCxr7KdiUjL0K7ik0iMgSv4+DMjyqas2pQH4LtKydFrx38vWiRkGEtoP hfMwoYNbHrus67BS96KQeXDA1ZBmVyYKEuWLdoxO/iRrgVuX2QyPyf99LJ4/uXwo XSSf3TBUpzbx9wgYxlp1N+3llM/ed0n/t0OxrEXS/ZByaTbQ4SmLTpI1zyEEWFBW MHg8OKb8GPvEQma5mHnLuVLrlQ241tLM4BwPA+Honeyg6w0gB66PfcMvubKtB8yq CMN84S8DVyPOdcqZQcvqTnFY1h11D8fWMPSQcMpLOFFkqqVibAU879EAhdA2Cg0e 0nJQ3EIHYo61+2nUCLdY4EQgL
  • From Mathias Gibbens@21:1/5 to Salvo Tomaselli on Wed Jul 9 19:10:01 2025
    XPost: linux.debian.devel.mentors

    A quick guess is that the change to include "+deb13" in the kernel
    version is what's causing the breakage: https://salsa.debian.org/kernel-team/linux/-/merge_requests/1524

    Mathias

    On Wed, 2025-07-09 at 18:05 +0200, Salvo Tomaselli wrote:
    Hello,

    well I have a completely default debian installed kernel so if it fails with debian kernels perhaps it needs some more work before being in debian?

    You could try with a sid vm in qemu maybe…

    In data mercoledì 9 luglio 2025 16:12:55 Ora legale dell’Europa centrale, Kirill Rekhov ha scritto:
    Hi, Salvo

    Yes, we added man with upstream author, in version 0.6.10.2-1 you can do:
    $ man kernel-hardening-checker

    Am I doing something wrong?

    you are doing everything right, this command works for me:
    $ sudo kernel-hardening-checker --mode verbose -a
    [+] Special report mode: verbose
    [+] Going to autodetect and check the security hardening options of the running kernel
    [+] Detected version of the running kernel: (6, 1, 0)
    [+] Detected kconfig file of the running kernel: /boot/config-6.1.0-32-amd64
    [+] Detected cmdline parameters of the running kernel: /proc/cmdline [+] Saved sysctls to a temporary file /tmp/sysctl-pyrxvnl5
    [+] Detected architecture: X86_64
    [+] Detected compiler: GCC 120200
    [?] No check for kconfig option CONFIG_CC_VERSION_TEXT ("gcc-12 (Debian 12.2.0-14) 12.2.0")
    [?] No check for kconfig option CONFIG_GCC_VERSION (120200)
    [?] No check for kconfig option CONFIG_CLANG_VERSION (0)
    [?] No check for kconfig option CONFIG_AS_IS_GNU (y)
    [?] No check for kconfig option CONFIG_AS_VERSION (24000)
    [?] No check for kconfig option CONFIG_LD_IS_BFD (y)
    ...

    but for some reason it doesn't work for you and I don't know why, you can refer
    to https://github.com/a13xp0p0v/kernel-hardening-checker/issues

    ---
    Regards, Kirill Rekhov

    GPG Fingerprint:
    2640 769D FDA1 AAA0 F863  D1AE 5F2C 5905 519C E0A0

    вт, 8 июл. 2025 г. в 20:52, Salvo Tomaselli <[email protected]>:
    Hello,

    thanks for packaging this.

    I was going to upload but when trying it I couldn't really get it to work:

    $ kernel-hardening-checker --mode verbose -a
    [+] Special report mode: verbose
    [+] Going to autodetect and check the security hardening options of the running kernel
    [-] ERROR: parsing /proc/version failed: failed to parse the version "6.12.35+deb13-amd64"

    Is this normal?

    Am I doing something wrong?

    Perhaps you want to add some examples of usage in the manpage before we upload
    it?

    --
    Salvo Tomaselli

    "Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
    senso, ragione ed intelletto intendesse che noi ne facessimo a meno."

                    -- Galileo Galilei

    https://ltworf.codeberg.page/


    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE1Bp60H32xfynSJ8cKe7i1uz0QvkFAmhuoLIACgkQKe7i1uz0 Qvnqvw/+Pn0kPWEaLADs+gdK+xmRXzXkFm8LTpFclLhiigUQ8NA2p1ieBaPMKP+N IWeI3UB/8a+xIFWRSToeBkcnHM+E9ykDFGBBXtaJGjHkS4fESnYfg8FXMhn3BrBj +F9fRqDuPyQI+gj9LLNnINjVaiqlsbUnb7fzWZKsKNPcMH+sOJp7ftViNzn8lQ6K fQSGtNxqNtzs7q1xEc9gw8Y+fZs8MCnHAV5w4Q1hihtdJorR94P7M85ZDT1Q2QOZ 7gmG3xmW4THHrzGNRfA3aqaIzQHsbC8Q7PfHauuaLGIi/Xt3ByYakqBYtApOLJ7+ sZODCJ+0hP2ZGnW1GQ88O41Y3RC361HjRb/64Y7sS5Kr/tVUd3HViOZtvBXsEXEB lZzr4QcTM3a17Swgbv6FxRKOP5KNgW6W7mLE+xsx3jqb5jLRfCcDCH37vFWhWHud hDmJ++2/c0kUifN3X/nIUI1AHbpWsobGmrH+nnNgAfDSFLWF+fgVEKxph6ZbRdeU /XJ2PUVluWjW53rdIJxmXmCEUBoMsIzK2k+Pw6j5R+nnLJ+qYLanJcwhGFrdSpvF CNBb31FTivOK8tei1/3RO393+DSf0MILDY2tXLwA/ZDqhDx82pDTtZyT0WvcY/hz ZpCGX4NLNAO49qzj21wY7vw1CGrx+tZ5kTndL0ibV4fGkN2fa38=
    =jHkI
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)