checksec - Man Page
check executables and kernel properties
Synopsis
checksec [options] [file]
Description
checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).
Options
- --output= or --format= {cli|csv|xml|json}
Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently
- --help
Displays the help text
- --file={filename}
Checks individual files for security features compiled into the executable
- --dir={directory}
Recursively checks all executable files in the directory for security features compiled into the executables
- --proc={pid}
Checks the security features of a running process by name
- --proc-all
Checks the security features of all running processes
- --proc-libs
Checks the security features of the all libraries of a running process ID
- --kernel[=kconfig]
Checks the security features of the running kernel or a specified kernel config
- --fortify-file={filename}
Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
- --fortify-proc={pid}
Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
- --version
Shows the current version of the running software
- --update or --upgrade
Checks source for a signed update and updates the application if available
Diagnostics
The following diagnostics may be issued on stderr:
Permission Denied.
For most of the checks you must be root..
Debugging
--debug option can be specified for debug level output
Authors
Brian Davis <slimm609 at gmail dot com>
Checksec was originally written by Tobias Klein