Description
A command-line tool for checking Linux kernel security hardening options. Administrators and security teams use it to compare kernel configuration against hardening recommendations.
Use it for auditing and diagnostics, not as an automatic fix. Recommendations must be evaluated against hardware, workload and distribution policy before changing a kernel.