checksec (7) Linux Manual Page
checksec – check executables and kernel properties
Synopsis
checksec [options] [file]
Description
checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).
Options
-oor–outputor–format{cli|csv|xml|json}- Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently
-hor–help- Displays the help text
-for–file- Checks individual files for security features compiled into the executable
-dor–dir- Recursively checks all executable files in the directory for security features compiled into the executables
-por–proc- Checks the security features of a running process by name
-paor–proc-all- Checks the security features of all running processes
-plor–proc-libs- Checks the security features of the all libraries of a running process ID
-kor–kernel- Checks the security features of the running kernel or a specified kernel config
-ffor–fortify-file- Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
-fpor–fortify-proc- Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
–version- Shows the current version of the running software
-uor–updateor–upgrade- Checks source for a signed update and updates the application if available
Diagnostics
The following diagnostics may be issued on stderr:
- For most of the checks you must be root..
Debugging
–debugoption can be specified for debug level output
Authors
Brian Davis <slimm609 at gmail dot com> Checksec was originally written by Tobias Klein
