checksec.1 2.04 KB
Newer Older
slimm609's avatar
slimm609 committed
1
2
3
\" Process this file with
.\" groff -man -Tascii foo.1
.\"
slimm609's avatar
slimm609 committed
4
.TH CHECKSEC 1 "FEBURARY 2019" Linux "User Manuals"
slimm609's avatar
slimm609 committed
5
6
7
8
9
10
11
12
13
14
15
.SH NAME
checksec \- check executables and kernel properties
.SH SYNOPSIS
.B checksec [options] [file]
.SH DESCRIPTION
.B checksec
is a bash script used to check the properties of executables 
(like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security 
options (like GRSecurity and SELinux).
.SH OPTIONS
.TP
slimm609's avatar
slimm609 committed
16
\fB\--output=\fP or \fB\--format=\fP \fB{cli|csv|xml|json}\fP
slimm609's avatar
slimm609 committed
17
18
19
Output the results in different formats for ingestion to other applications.
NOTE: This option must go before any other options currently
.TP
slimm609's avatar
slimm609 committed
20
\fB\--help\fP
slimm609's avatar
slimm609 committed
21
22
Displays the help text
.TP
slimm609's avatar
slimm609 committed
23
\fB\--file={filename}\fP
slimm609's avatar
slimm609 committed
24
25
Checks individual files for security features compiled into the executable
.TP
slimm609's avatar
slimm609 committed
26
\fB\--dir={directory}\fP
slimm609's avatar
slimm609 committed
27
28
Recursively checks all executable files in the directory for security features compiled into the executables
.TP
slimm609's avatar
slimm609 committed
29
\fB\--proc={pid}\fP
slimm609's avatar
slimm609 committed
30
31
Checks the security features of a running process by name
.TP
slimm609's avatar
slimm609 committed
32
\fB\--proc-all\fP
slimm609's avatar
slimm609 committed
33
34
Checks the security features of all running processes
.TP
slimm609's avatar
slimm609 committed
35
\fB\--proc-libs\fP
slimm609's avatar
slimm609 committed
36
37
Checks the security features of the all libraries of a running process ID
.TP
slimm609's avatar
slimm609 committed
38
\fB\--kernel[=kconfig]\fP
slimm609's avatar
slimm609 committed
39
40
Checks the security features of the running kernel or a specified kernel config
.TP
slimm609's avatar
slimm609 committed
41
\fB\--fortify-file={filename}\fP
slimm609's avatar
slimm609 committed
42
43
Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
.TP
slimm609's avatar
slimm609 committed
44
\fB\--fortify-proc={pid}\fP
slimm609's avatar
slimm609 committed
45
46
47
48
49
Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in  
.TP
\fB\--version\fP 
Shows the current version of the running software
.TP
slimm609's avatar
slimm609 committed
50
\fB\--update\fP or \fB\--upgrade\fP
slimm609's avatar
slimm609 committed
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
Checks source for a signed update and updates the application if available

.SH DIAGNOSTICS
The following diagnostics may be issued on stderr:
 
Permission Denied.
.RS
For most of the checks you must be root..
.RE
Debugging 
.RS
\fB\--debug\fP option can be specified for debug level output
.SH AUTHORS
Brian Davis <slimm609 at gmail dot com>
.RE
Checksec was originally written by Tobias Klein