1. Manuals
  2. Tumbleweed
  3. checksec
  4. checksec(1)

Scroll to navigation

checksec(1) General Commands Manual checksec(1)

NAME

checkseccheck executables and kernel properties

SYNOPSIS

checksec [--options] [file]

DESCRIPTION

checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source), library calls (Fortify Source), and kernel security options (like GRSecurity and SELinux).

Options

Options specifying input and action:

=filename
Checks individual files for security features compiled into the executable
=directory
Recursively checks all executable files in the directory for security features compiled into the executables
=listfile
Check all files specified in a newline-separeted text file for security features compiled into the executable
=pid
Checks the security features of a running process by name
Checks the security features of all running processes
Checks the security features of the all libraries of a running process ID
[=config]
Checks the security features of the running kernel or a specified kernel config
=filename
Checks for the use of fortifiable and fortified library functions in a file
=pid
Checks for the use of fortifiable and fortified library functions in a running process

Options modifying behavior:

Enable debug-level output.
Check for additional security features (e.g. Clang CFI, SafeStack)
=path
Specify the libc file path or a search path
=(cli|csv|xml|json), or --format=(cli|csv|xml|json)
Output the results in different formats for ingestion to other applications.
Enable bash tracing (set -x).

Miscellaneous options:

Generate a system report and exit.
or --help
Displays the help text and exit
or --upgrade
Checks source for a signed update and updates the application if available and exit
Shows the current version of the running software and exit

DIAGNOSTICS

The following diagnostics may be issued on stderr:

Permission Denied.
For most of the checks you must be root.

SEE ALSO

hardening-check(1), feature_test_macros(7), gcc(1), ld(1)

HISTORY

checksec was originally written by Tobias Klein. This version is expanded and maintained by Brian Davis <slimm609@gmail.com>

March 2023 Linux 5.14.21-150500.55.52-default