table of contents
CHECKSEC(1) | User Manuals | CHECKSEC(1) |
NAME¶
checksec - check executables and kernel propertiesSYNOPSIS¶
checksec [options] [file]DESCRIPTION¶
checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).OPTIONS¶
- -o or --output or --format {cli|csv|xml|json}
- Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently
- -h or --help
- Displays the help text
- -f or --file
- Checks individual files for security features compiled into the executable
- -d or --dir
- Recursively checks all executable files in the directory for security features compiled into the executables
- -p or --proc
- Checks the security features of a running process by name
- -pa or --proc-all
- Checks the security features of all running processes
- -pl or --proc-libs
- Checks the security features of the all libraries of a running process ID
- -k or --kernel
- Checks the security features of the running kernel or a specified kernel config
- -ff or --fortify-file
- Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
- -fp or --fortify-proc
- Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
- --version
- Shows the current version of the running software
- -u or --update or --upgrade
- Checks source for a signed update and updates the application if available
DIAGNOSTICS¶
The following diagnostics may be issued on stderr:Permission Denied.
For most of the checks you must be root..
Debugging
--debug option can be specified for debug level
output
AUTHORS¶
Brian Davis <slimm609 at gmail dot com>Checksec was originally written by Tobias Klein
FEBURARY 2016 | Linux |