checksec man page

checksec — check executables and kernel properties

Synopsis

checksec [options] [file]

Description

checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).

Options

-o or --output or --format {cli|csv|xml|json}
Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently
-h or --help
Displays the help text
-f or --file
Checks individual files for security features compiled into the executable
-d or --dir
Recursively checks all executable files in the directory for security features compiled into the executables
-p or --proc
Checks the security features of a running process by name
-pa or --proc-all
Checks the security features of all running processes
-pl or --proc-libs
Checks the security features of the all libraries of a running process ID
-k or --kernel
Checks the security features of the running kernel or a specified kernel config
-ff or --fortify-file
Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
-fp or --fortify-proc
Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
--version
Shows the current version of the running software
-u or --update or --upgrade
Checks source for a signed update and updates the application if available

Diagnostics

The following diagnostics may be issued on stderr:
Permission Denied.

For most of the checks you must be root..

Debugging

--debug option can be specified for debug level output

Authors

Brian Davis <slimm609 at gmail dot com> Checksec was originally written by Tobias Klein

Info

FEBURARY 2016 Linux User Manuals