table of contents
checksec(1) | General Commands Manual | checksec(1) |
NAME¶
checksec
— check
executables and kernel properties
SYNOPSIS¶
checksec |
[--options ] [file] |
DESCRIPTION¶
checksec
is a bash script used to check
the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify
Source), library calls (Fortify Source), and kernel security options (like
GRSecurity and SELinux).
Options¶
Options specifying input and action:
--file
=filename- Checks individual files for security features compiled into the executable
--dir
=directory- Recursively checks all executable files in the directory for security features compiled into the executables
--listfile
=listfile- Check all files specified in a newline-separeted text file for security features compiled into the executable
--proc
=pid- Checks the security features of a running process by name
--proc-all
- Checks the security features of all running processes
--proc-libs
- Checks the security features of the all libraries of a running process ID
--kernel
[=config]- Checks the security features of the running kernel or a specified kernel config
--fortify-file
=filename- Checks for the use of fortifiable and fortified library functions in a file
--fortify-proc
=pid- Checks for the use of fortifiable and fortified library functions in a running process
Options modifying behavior:
--debug
- Enable debug-level output.
--extended
- Check for additional security features (e.g. Clang CFI, SafeStack)
--libcfile
=path- Specify the libc file path or a search path
--output
=(cli|csv|xml|json), or--format
=(cli|csv|xml|json)- Output the results in different formats for ingestion to other applications.
--trace
- Enable bash tracing (set
-x
).
Miscellaneous options:
--debug_report
- Generate a system report and exit.
-h
or--help
- Displays the help text and exit
--update
or--upgrade
- Checks source for a signed update and updates the application if available and exit
--version
- Shows the current version of the running software and exit
DIAGNOSTICS¶
The following diagnostics may be issued on stderr:
- Permission Denied.
- For most of the checks you must be root.
SEE ALSO¶
HISTORY¶
checksec
was originally written by
Tobias Klein. This version is expanded and
maintained by Brian Davis
<slimm609@gmail.com>
March 2023 | Linux 5.14.21-150500.55.52-default |