dargslan-kernel-check 1.0.0__tar.gz

dargslan_kernel_check-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dargslan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

dargslan_kernel_check-1.0.0/PKG-INFO

@@ -0,0 +1,65 @@
+Metadata-Version: 2.4
+Name: dargslan-kernel-check
+Version: 1.0.0
+Summary: Linux kernel parameter checker — audit sysctl hardening, compare live vs saved settings, and security recommendations
+Author-email: Dargslan <info@dargslan.com>
+License: MIT
+Project-URL: Homepage, https://dargslan.com
+Project-URL: Documentation, https://dargslan.com/blog
+Project-URL: Repository, https://github.com/Dargslan
+Project-URL: Free Cheat Sheets, https://dargslan.com/cheat-sheets
+Project-URL: Linux & DevOps Books, https://dargslan.com/books
+Keywords: kernel,sysctl,hardening,security,linux,sysadmin,devops
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# dargslan-kernel-check
+
+**Linux Kernel Parameter Checker** — Audit sysctl hardening, compare live vs saved settings, security scoring. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-kernel-check)](https://pypi.org/project/dargslan-kernel-check/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-kernel-check
+```
+
+## CLI Usage
+
+```bash
+dargslan-kernel report        # Full hardening report with score
+dargslan-kernel score         # Security score out of 100
+dargslan-kernel params        # All security parameters
+dargslan-kernel diffs         # Live vs saved differences
+dargslan-kernel json          # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_kernel_check import KernelCheck
+kc = KernelCheck()
+score = kc.get_score()
+params = kc.check_all_params()
+kc.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_kernel_check-1.0.0/README.md

@@ -0,0 +1,42 @@
+# dargslan-kernel-check
+
+**Linux Kernel Parameter Checker** — Audit sysctl hardening, compare live vs saved settings, security scoring. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-kernel-check)](https://pypi.org/project/dargslan-kernel-check/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-kernel-check
+```
+
+## CLI Usage
+
+```bash
+dargslan-kernel report        # Full hardening report with score
+dargslan-kernel score         # Security score out of 100
+dargslan-kernel params        # All security parameters
+dargslan-kernel diffs         # Live vs saved differences
+dargslan-kernel json          # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_kernel_check import KernelCheck
+kc = KernelCheck()
+score = kc.get_score()
+params = kc.check_all_params()
+kc.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_kernel_check-1.0.0/dargslan_kernel_check/__init__.py

@@ -0,0 +1,183 @@
+"""
+dargslan-kernel-check — Linux Kernel Parameter Checker
+
+Audit sysctl hardening, compare live vs saved settings, and security recommendations.
+Zero external dependencies — uses only Python standard library.
+
+Homepage: https://dargslan.com
+Books: https://dargslan.com/books
+Blog: https://dargslan.com/blog
+"""
+
+__version__ = "1.0.0"
+__author__ = "Dargslan"
+__url__ = "https://dargslan.com"
+
+import os
+import json
+import subprocess
+
+
+class KernelCheck:
+    """Audit Linux kernel parameters for security hardening."""
+
+    SECURITY_PARAMS = {
+        'net.ipv4.ip_forward': {'recommended': '0', 'description': 'IP forwarding (disable unless router)', 'severity': 'warning'},
+        'net.ipv4.conf.all.accept_redirects': {'recommended': '0', 'description': 'ICMP redirects', 'severity': 'warning'},
+        'net.ipv4.conf.default.accept_redirects': {'recommended': '0', 'description': 'Default ICMP redirects', 'severity': 'warning'},
+        'net.ipv4.conf.all.send_redirects': {'recommended': '0', 'description': 'Send ICMP redirects', 'severity': 'warning'},
+        'net.ipv4.conf.all.accept_source_route': {'recommended': '0', 'description': 'Source routing', 'severity': 'warning'},
+        'net.ipv4.conf.all.log_martians': {'recommended': '1', 'description': 'Log martian packets', 'severity': 'info'},
+        'net.ipv4.icmp_echo_ignore_broadcasts': {'recommended': '1', 'description': 'Ignore broadcast pings', 'severity': 'warning'},
+        'net.ipv4.icmp_ignore_bogus_error_responses': {'recommended': '1', 'description': 'Ignore bogus ICMP errors', 'severity': 'info'},
+        'net.ipv4.tcp_syncookies': {'recommended': '1', 'description': 'SYN flood protection', 'severity': 'critical'},
+        'net.ipv4.conf.all.rp_filter': {'recommended': '1', 'description': 'Reverse path filtering', 'severity': 'warning'},
+        'net.ipv4.conf.default.rp_filter': {'recommended': '1', 'description': 'Default reverse path filtering', 'severity': 'warning'},
+        'kernel.randomize_va_space': {'recommended': '2', 'description': 'ASLR (Address Space Layout Randomization)', 'severity': 'critical'},
+        'kernel.exec-shield': {'recommended': '1', 'description': 'Exec-Shield protection', 'severity': 'warning'},
+        'kernel.sysrq': {'recommended': '0', 'description': 'Magic SysRq key (disable in production)', 'severity': 'info'},
+        'kernel.core_uses_pid': {'recommended': '1', 'description': 'Core dumps with PID', 'severity': 'info'},
+        'kernel.dmesg_restrict': {'recommended': '1', 'description': 'Restrict dmesg access', 'severity': 'warning'},
+        'kernel.kptr_restrict': {'recommended': '2', 'description': 'Restrict kernel pointer access', 'severity': 'warning'},
+        'net.ipv6.conf.all.accept_redirects': {'recommended': '0', 'description': 'IPv6 ICMP redirects', 'severity': 'warning'},
+        'net.ipv6.conf.default.accept_redirects': {'recommended': '0', 'description': 'IPv6 default ICMP redirects', 'severity': 'warning'},
+        'fs.suid_dumpable': {'recommended': '0', 'description': 'SUID core dumps', 'severity': 'warning'},
+    }
+
+    def __init__(self):
+        pass
+
+    def _get_sysctl(self, param):
+        path = f'/proc/sys/{param.replace(".", "/")}'
+        try:
+            with open(path, 'r') as f:
+                return f.read().strip()
+        except (FileNotFoundError, PermissionError):
+            return None
+
+    def get_kernel_version(self):
+        """Get running kernel version."""
+        try:
+            with open('/proc/version', 'r') as f:
+                return f.read().strip()
+        except (FileNotFoundError, PermissionError):
+            return 'unknown'
+
+    def check_all_params(self):
+        """Check all security-relevant kernel parameters."""
+        results = []
+        for param, config in self.SECURITY_PARAMS.items():
+            current = self._get_sysctl(param)
+            if current is None: continue
+            compliant = current == config['recommended']
+            results.append({
+                'param': param,
+                'current': current,
+                'recommended': config['recommended'],
+                'compliant': compliant,
+                'description': config['description'],
+                'severity': config['severity'],
+            })
+        return results
+
+    def get_saved_settings(self):
+        """Read sysctl settings from config files."""
+        saved = {}
+        config_files = ['/etc/sysctl.conf']
+        sysctl_d = '/etc/sysctl.d'
+        if os.path.isdir(sysctl_d):
+            for f in sorted(os.listdir(sysctl_d)):
+                if f.endswith('.conf'):
+                    config_files.append(os.path.join(sysctl_d, f))
+
+        for conf_file in config_files:
+            try:
+                with open(conf_file, 'r') as f:
+                    for line in f:
+                        line = line.strip()
+                        if line and not line.startswith('#') and '=' in line:
+                            key, _, value = line.partition('=')
+                            saved[key.strip()] = {'value': value.strip(), 'file': conf_file}
+            except (FileNotFoundError, PermissionError):
+                continue
+        return saved
+
+    def compare_live_vs_saved(self):
+        """Compare live sysctl values with saved config."""
+        saved = self.get_saved_settings()
+        diffs = []
+        for param, config in saved.items():
+            live = self._get_sysctl(param)
+            if live is not None and live != config['value']:
+                diffs.append({
+                    'param': param,
+                    'live': live,
+                    'saved': config['value'],
+                    'file': config['file'],
+                })
+        return diffs
+
+    def get_score(self):
+        """Calculate security hardening score."""
+        results = self.check_all_params()
+        if not results: return 0
+        compliant = sum(1 for r in results if r['compliant'])
+        return round(compliant / len(results) * 100)
+
+    def audit(self):
+        """Run kernel security audit."""
+        issues = []
+        results = self.check_all_params()
+        for r in results:
+            if not r['compliant']:
+                issues.append({
+                    'severity': r['severity'],
+                    'param': r['param'],
+                    'message': f"{r['description']}: current={r['current']}, recommended={r['recommended']}",
+                })
+
+        diffs = self.compare_live_vs_saved()
+        for d in diffs:
+            issues.append({
+                'severity': 'info',
+                'param': d['param'],
+                'message': f"Live ({d['live']}) differs from saved ({d['saved']}) in {d['file']}",
+            })
+
+        return issues
+
+    def print_report(self):
+        """Print formatted kernel audit report."""
+        results = self.check_all_params()
+        score = self.get_score()
+        issues = self.audit()
+
+        print(f"\n{'='*60}")
+        print(f"  Kernel Security Hardening Report")
+        print(f"  Score: {score}/100")
+        print(f"{'='*60}")
+
+        for r in results:
+            icon = '[OK]' if r['compliant'] else '[!!]'
+            print(f"  {icon} {r['param']}: {r['current']} (rec: {r['recommended']})")
+
+        diffs = self.compare_live_vs_saved()
+        if diffs:
+            print(f"\n  Live vs Saved Differences ({len(diffs)}):")
+            for d in diffs:
+                print(f"    {d['param']}: live={d['live']}, saved={d['saved']}")
+
+        if issues:
+            non_compliant = [i for i in issues if i['severity'] != 'info']
+            if non_compliant:
+                print(f"\n  Non-compliant ({len(non_compliant)}):")
+                for i in sorted(non_compliant, key=lambda x: {'critical':0,'high':1,'warning':2}.get(x['severity'],3)):
+                    print(f"    [{i['severity'].upper():8s}] {i['message']}")
+
+        print(f"\n{'='*60}")
+        print(f"  More tools: https://dargslan.com")
+        print(f"  eBooks: https://dargslan.com/books")
+        print(f"{'='*60}\n")
+
+
+__all__ = ["KernelCheck"]

dargslan_kernel_check-1.0.0/dargslan_kernel_check/cli.py

@@ -0,0 +1,31 @@
+"""CLI for dargslan-kernel-check — https://dargslan.com"""
+import argparse
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Dargslan Kernel Check — Linux kernel parameter auditor",
+        epilog="More tools at https://dargslan.com | eBooks: https://dargslan.com/books",
+    )
+    parser.add_argument("command", nargs="?", default="report",
+                       choices=["report", "score", "params", "diffs", "issues", "json"],
+                       help="Command (default: report)")
+    args = parser.parse_args()
+
+    from dargslan_kernel_check import KernelCheck
+    kc = KernelCheck()
+    import json
+
+    if args.command == 'report': kc.print_report()
+    elif args.command == 'score': print(f"  Kernel Hardening Score: {kc.get_score()}/100")
+    elif args.command == 'params':
+        for p in kc.check_all_params():
+            icon = '[OK]' if p['compliant'] else '[!!]'
+            print(f"  {icon} {p['param']}: {p['current']}")
+    elif args.command == 'diffs':
+        for d in kc.compare_live_vs_saved():
+            print(f"  {d['param']}: live={d['live']}, saved={d['saved']}")
+    elif args.command == 'issues':
+        for i in kc.audit(): print(f"  [{i['severity'].upper()}] {i['param']}: {i['message']}")
+    elif args.command == 'json': print(json.dumps(kc.audit(), indent=2))
+
+if __name__ == "__main__": main()

dargslan_kernel_check-1.0.0/dargslan_kernel_check.egg-info/PKG-INFO

@@ -0,0 +1,65 @@
+Metadata-Version: 2.4
+Name: dargslan-kernel-check
+Version: 1.0.0
+Summary: Linux kernel parameter checker — audit sysctl hardening, compare live vs saved settings, and security recommendations
+Author-email: Dargslan <info@dargslan.com>
+License: MIT
+Project-URL: Homepage, https://dargslan.com
+Project-URL: Documentation, https://dargslan.com/blog
+Project-URL: Repository, https://github.com/Dargslan
+Project-URL: Free Cheat Sheets, https://dargslan.com/cheat-sheets
+Project-URL: Linux & DevOps Books, https://dargslan.com/books
+Keywords: kernel,sysctl,hardening,security,linux,sysadmin,devops
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# dargslan-kernel-check
+
+**Linux Kernel Parameter Checker** — Audit sysctl hardening, compare live vs saved settings, security scoring. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-kernel-check)](https://pypi.org/project/dargslan-kernel-check/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-kernel-check
+```
+
+## CLI Usage
+
+```bash
+dargslan-kernel report        # Full hardening report with score
+dargslan-kernel score         # Security score out of 100
+dargslan-kernel params        # All security parameters
+dargslan-kernel diffs         # Live vs saved differences
+dargslan-kernel json          # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_kernel_check import KernelCheck
+kc = KernelCheck()
+score = kc.get_score()
+params = kc.check_all_params()
+kc.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_kernel_check-1.0.0/dargslan_kernel_check.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+LICENSE
+README.md
+pyproject.toml
+dargslan_kernel_check/__init__.py
+dargslan_kernel_check/cli.py
+dargslan_kernel_check.egg-info/PKG-INFO
+dargslan_kernel_check.egg-info/SOURCES.txt
+dargslan_kernel_check.egg-info/dependency_links.txt
+dargslan_kernel_check.egg-info/entry_points.txt
+dargslan_kernel_check.egg-info/top_level.txt

dargslan_kernel_check-1.0.0/dargslan_kernel_check.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dargslan_kernel_check-1.0.0/dargslan_kernel_check.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+dargslan-kernel = dargslan_kernel_check.cli:main

dargslan_kernel_check-1.0.0/dargslan_kernel_check.egg-info/top_level.txt

@@ -0,0 +1 @@
+dargslan_kernel_check

dargslan_kernel_check-1.0.0/pyproject.toml

@@ -0,0 +1,31 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "dargslan-kernel-check"
+version = "1.0.0"
+description = "Linux kernel parameter checker — audit sysctl hardening, compare live vs saved settings, and security recommendations"
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.7"
+authors = [{name = "Dargslan", email = "info@dargslan.com"}]
+keywords = ["kernel", "sysctl", "hardening", "security", "linux", "sysadmin", "devops"]
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+]
+
+[project.urls]
+Homepage = "https://dargslan.com"
+Documentation = "https://dargslan.com/blog"
+Repository = "https://github.com/Dargslan"
+"Free Cheat Sheets" = "https://dargslan.com/cheat-sheets"
+"Linux & DevOps Books" = "https://dargslan.com/books"
+
+[project.scripts]
+dargslan-kernel = "dargslan_kernel_check.cli:main"

dargslan_kernel_check-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+