Commit e6b98219 authored by slimm609's avatar slimm609
Browse files

signed update

parent b8b8bb36
......@@ -10,7 +10,7 @@ Updates
- Changed structure to be more modular and switched to getopts so options can be in any order. e.g. format=json can be at the end now, however.
- All options now require `--$option=$value` instead of `--$option $value`
Last Update: 2019-07-23
Last Update: 2019-07-24
For OSX
-------
......
......@@ -68,10 +68,10 @@ format="cli"
SCRIPT_NAME="checksec"
SCRIPT_URL="https://github.com/slimm609/checksec.sh/raw/master/${SCRIPT_NAME}"
SIG_URL="https://github.com/slimm609/checksec.sh/raw/master/$(basename ${SCRIPT_NAME} .sh).sig"
SCRIPT_VERSION=2019072301
SCRIPT_VERSION=2019072401
SCRIPT_MAJOR=2
SCRIPT_MINOR=0
SCRIPT_REVISION=0
SCRIPT_REVISION=1
pkg_release=false
commandsmissing=false
OPT=0
......@@ -231,20 +231,20 @@ version() {
# help
help() {
echo "Usage: checksec [--output {cli|csv|xml|json}] [OPTION]"
echo "Usage: checksec [--format={cli,csv,xml,json}] [OPTION]"
echo
echo
echo "Options:"
echo
echo " ## Checksec Options"
echo " --file=<file>"
echo " --dir=<directory>"
echo " --proc=<process name>"
echo " --file={file}"
echo " --dir={directory}"
echo " --proc={process name}"
echo " --proc-all"
echo " --proc-libs=<process ID>"
echo " --kernel=[kconfig]"
echo " --fortify-file=<executable-file>"
echo " --fortify-proc=<process ID>"
echo " --proc-libs={process ID}"
echo " --kernel[=kconfig]"
echo " --fortify-file={executable-file}"
echo " --fortify-proc={process ID}"
echo " --version"
echo " --help"
if ! ${pkg_release}; then
......@@ -254,7 +254,8 @@ help() {
echo " ## Modifiers"
echo " --debug"
echo " --verbose"
echo " --format=[cli|csv|xml|json]"
echo " --format={cli,csv,xml,json}"
echo " --output={cli,csv,xml,json}"
echo
echo "For more information, see:"
echo " http://github.com/slimm609/checksec.sh"
......@@ -1831,7 +1832,7 @@ while getopts "${optspec}" optchar; do
upgrade
exit 0
;;
format=*)
format=*|output=*)
output_format=${OPTARG#*=}
format
;;
......@@ -1889,8 +1890,11 @@ while getopts "${optspec}" optchar; do
esac
done
if [[ "${OPT}" != 1 ]]; then
printf "\033[31mError: To many options selected. Please select one at a time.\033[m\n\n"
if [[ "${OPT}" == 0 ]]; then
printf "\033[31mError: No option selected. Please select an option.\033[m\n\n"
exit 1
elif [[ "${OPT}" != 1 ]]; then
printf "\033[31mError: To many options selected. Please select one at a time.\033[m\n\n"
exit 1
fi
......@@ -1898,7 +1902,7 @@ for variable in CHK_DIR CHK_FILE CHK_FORTIFY_FILE CHK_FORTIFY_PROC CHK_PROC CHK_
chk_name="${variable#*_}"
if [[ -n ${!variable+x} ]]; then
if [[ ${chk_name,,} == ${!variable} ]]; then
printf "\033[31mError: Option Required.\033[m\n\n"
printf "\033[31mError: Option Required.\033[m\n\n"
help
exit 1
fi
......
No preview for this file type
\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH CHECKSEC 1 "FEBURARY 2016" Linux "User Manuals"
.TH CHECKSEC 1 "FEBURARY 2019" Linux "User Manuals"
.SH NAME
checksec \- check executables and kernel properties
.SH SYNOPSIS
......@@ -13,41 +13,41 @@ is a bash script used to check the properties of executables
options (like GRSecurity and SELinux).
.SH OPTIONS
.TP
\fB\-o\fP or \fB\--output\fP or \fB\--format\fP \fB{cli|csv|xml|json}\fP
\fB\--output=\fP or \fB\--format=\fP \fB{cli|csv|xml|json}\fP
Output the results in different formats for ingestion to other applications.
NOTE: This option must go before any other options currently
.TP
\fB\-h\fP or \fB\--help\fP
\fB\--help\fP
Displays the help text
.TP
\fB\-f\fP or \fB\--file\fP
\fB\--file={filename}\fP
Checks individual files for security features compiled into the executable
.TP
\fB\-d\fP or \fB\--dir\fP
\fB\--dir={directory}\fP
Recursively checks all executable files in the directory for security features compiled into the executables
.TP
\fB\-p\fP or \fB\--proc\fP
\fB\--proc={pid}\fP
Checks the security features of a running process by name
.TP
\fB\-pa\fP or \fB\--proc-all\fP
\fB\--proc-all\fP
Checks the security features of all running processes
.TP
\fB\-pl\fP or \fB\--proc-libs\fP
\fB\--proc-libs\fP
Checks the security features of the all libraries of a running process ID
.TP
\fB\-k\fP or \fB\--kernel\fP
\fB\--kernel[=kconfig]\fP
Checks the security features of the running kernel or a specified kernel config
.TP
\fB\-ff\fP or \fB\--fortify-file\fP
\fB\--fortify-file={filename}\fP
Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
.TP
\fB\-fp\fP or \fB\--fortify-proc\fP
\fB\--fortify-proc={pid}\fP
Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
.TP
\fB\--version\fP
Shows the current version of the running software
.TP
\fB\-u\fP or \fB\--update\fP or \fB\--upgrade\fP
\fB\--update\fP or \fB\--upgrade\fP
Checks source for a signed update and updates the application if available
.SH DIAGNOSTICS
......
......@@ -3,18 +3,19 @@ local curcontext="$curcontext" state state_descr line
typeset -A opt_args
_arguments -C : \
'--version[print version]' \
{'(--help)-h','(-h)--help'}'[print help]' \
'--debug[debug mode]' \
{'(--help)','--help'}'[print help]' \
'--debug' \
'--verbose' \
{'(--update)--upgrade','(--upgrade)--update'}'[update program]' \
{'(--format --output)-o','(-o --output)--format','(-o --format)--output'}'[use specified output format]:output format:->format' \
{'(--dir)-d','(-d)--dir'}'[\[-v\] check specified DIR]:vdir:->vdir' \
{'(--file)-f','(-f)--file'}'[check specified FILE]:file to check:_files' \
{'(--proc)-p','(-p)--proc'}'[check specified process NAME)]:process name:->procname' \
{'(--proc-all)-pa','(-pa)--proc-all'}'[check all processes]' \
{'(--proc-libs)-pl','(-pl)--proc-libs'}'[check specified ID'\''s process libs)]:process ID to check: _pids' \
{'(--kernel)-k','(-k)--kernel'}'[check kernel]' \
{'(--fortify-file)-ff','(-ff)--fortify-file'}'[check specified FILE for fortify)]:file for fortify:_files' \
{'(--fortify-proc)-fp','(-fp)--fortify-proc'}'[check specified ID'\''s process for fortify)]:process ID for fortify: _pids'
{'(--format= --output=)','(--output=)--format=','(--format=)--output='}'[use specified output format]:output format:->format' \
{'(--dir=)','--dir='}'[check specified DIR]:vdir:->vdir' \
{'(--file=)','--file='}'[check specified FILE]:file to check:_files' \
{'(--proc=)','--proc='}'[check specified process NAME)]:process name:->procname' \
{'(--proc-all)','--proc-all'}'[check all processes]' \
{'(--proc-libs)','--proc-libs'}'[check specified ID'\''s process libs)]:process ID to check: _pids' \
{'(--kernel)','--kernel'}'[check kernel]' \
{'(--fortify-file=)','--fortify-file='}'[check specified FILE for fortify)]:file for fortify:_files' \
{'(--fortify-proc=)','--fortify-proc='}'[check specified ID'\''s process for fortify)]:process ID for fortify: _pids'
local ret=$?
case $state in
format)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment