diff --git a/.gitmodules b/.gitmodules
index 9fcc92f..a9b4f62 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "tools/checksec.sh"]
 path = tools/checksec
 url = https://github.com/slimm609/checksec.sh.git
+[submodule "tools/kconfig-hardened-check"]
+ path = tools/kconfig-hardened-check
+ url = https://github.com/a13xp0p0v/kconfig-hardened-check.git
diff --git a/hooks/filesystem.py b/hooks/filesystem.py
index 6768264..a4589a8 100644
--- a/hooks/filesystem.py
+++ b/hooks/filesystem.py
@@ -69,7 +69,7 @@ def guestfs_instance(self):
 def guest_local_file(gfs, remote_file):
 with NamedTemporaryFile() as temp:
 gfs.download(remote_file, temp.name)
- yield temp.name
+ yield remote_file, temp.name
 class FilesystemHook(Hook):
@@ -147,8 +147,9 @@ def walk_capture(self, node):
 self.context.trigger('filesystem_new_inode', inode=inode)
 # download and execute trigger on local file
 if InodeType(inode.inode_type) == InodeType.REG:
- with guest_local_file(self.gfs, str(node)) as local_file:
- self.context.trigger('filesystem_new_file', filepath=local_file, inode=inode)
+ with guest_local_file(self.gfs, str(node)) as (remote_file, local_file):
+ self.context.trigger('filesystem_new_file', guest_filepath=remote_file, local_filepath=local_file,
+ inode=inode)
 # walk
 if self.gfs.is_dir(str(node)):
 entries = self.list_entries(node)
@@ -162,7 +163,7 @@ def walk_capture(self, node):
 return inode
 def process_new_file(self, event):
- filepath = event.filepath
+ filepath = event.local_filepath
 inode = event.inode
 # determine MIME type
 mime_type = subprocess.check_output(['file', '-bi', filepath]).decode().rstrip()
diff --git a/hooks/security.py b/hooks/security.py
index 04ab4df..c2be0fd 100644
--- a/hooks/security.py
+++ b/hooks/security.py
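Review bot: guest_local_file now yields a `(remote_file, temp.name)` tuple, but nothing on the function says so, and the local path is only usable while the `with NamedTemporaryFile()` block is still open. A docstring would state both points, e.g. `"""Download remote_file from the guest and yield (remote_file, local_path); the local copy is removed when the context exits."""`. Any caller outside this diff that still writes `as local_file` would receive the tuple instead of a path, so the remaining call sites are worth checking. Anything above the `def` line, such as a decorator, is outside the hunk.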
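Review bot: Renaming the `filesystem_new_file` payload from `filepath` to `guest_filepath`/`local_filepath` in walk_capture breaks any subscriber that still reads `event.filepath`; process_new_file is the only reader this diff updates. `check_file` in hooks/security.py also reads `event.filepath`, though it is subscribed to `filesystem_new_file_mime`, whose payload is not visible here, so it is worth confirming that event still carries `filepath`. Because `guest_filepath` is a name taken from the analysed guest image, a short comment at the trigger would remind handlers to treat it as untrusted, e.g. `# guest_filepath is guest-controlled: match on it only, read data from local_filepath`. walk_capture starts and ends outside the hunk.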
@@ -26,6 +26,7 @@ class ChecksecFile: class SecurityHook(Hook): CHECKSEC_BIN = Path(__file__).parent.parent/"tools"/"checksec"/"checksec" + KCONFIG_BIN = Path(__file__).parent.parent/"tools"/"kconfig-hardened-check"/"kconfig-hardened-check.py" def __init__(self, parameters): super().__init__(parameters) @@ -34,7 +35,12 @@ def __init__(self, parameters): raise RuntimeError('Cannot find checksec, did you forget to init the submodule ?') self.checksec = str(self.CHECKSEC_BIN) + if not self.KCONFIG_BIN.exists(): + raise RuntimeError('Cannot find kconfig-hardened-check, did you forget to init the submodule ?') + self.kconfig = str(self.KCONFIG_BIN) + self.context.subscribe('filesystem_new_file_mime', self.check_file) + self.context.subscribe('filesystem_new_file', self.kconfig_check) def check_file(self, event): filepath = event.filepath diff --git a/tools/kconfig-hardened-check b/tools/kconfig-hardened-check new file mode 160000 index 0000000..3dc3f6e --- /dev/null +++ b/tools/kconfig-hardened-check @@ -0,0 +1 @@ +Subproject commit 3dc3f6e9e67e5206575acb5009f472cff780328d
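Review bot: `self.context.subscribe('filesystem_new_file', self.kconfig_check)` in __init__ refers to a method that no hunk of this diff adds to SecurityHook; unless `kconfig_check` already exists outside the visible hunks, constructing the hook raises AttributeError. Once the handler exists it will fire for every regular file in the guest, so it should return early unless `event.guest_filepath` looks like a kernel config, and it should hand `event.local_filepath` to `self.kconfig` as a list argument without a shell. The new `RuntimeError` also disables the whole hook when only the kconfig submodule is missing; if checksec alone is still useful, logging a warning and skipping the subscription would degrade more gracefully. __init__ starts before the hunk.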