checksec (7) - Linux Manuals
checksec: check executables and kernel properties
Command to display checksec manual in Linux: $ man 7 checksec
NAME
checksec - check executables and kernel properties
SYNOPSIS
checksec [options] [file]
DESCRIPTION
checksec
is a bash script used to check the properties of executables
(like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security
options (like GRSecurity and SELinux).
OPTIONS
- -o or --output or --format {cli|csv|xml|json}
-
Output the results in different formats for ingestion to other applications.
NOTE: This option must go before any other options currently
- -h or --help
-
Displays the help text
- -f or --file
-
Checks individual files for security features compiled into the executable
- -d or --dir
-
Recursively checks all executable files in the directory for security features compiled into the executables
- -p or --proc
-
Checks the security features of a running process by name
- -pa or --proc-all
-
Checks the security features of all running processes
- -pl or --proc-libs
-
Checks the security features of the all libraries of a running process ID
- -k or --kernel
-
Checks the security features of the running kernel or a specified kernel config
- -ff or --fortify-file
-
Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
- -fp or --fortify-proc
-
Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
- --version
-
Shows the current version of the running software
- -u or --update or --upgrade
-
Checks source for a signed update and updates the application if available
DIAGNOSTICS
The following diagnostics may be issued on stderr:
Permission Denied.
-
For most of the checks you must be root..
Debugging
-
--debug option can be specified for debug level output
AUTHORS
Brian Davis <slimm609 at gmail dot com>
Checksec was originally written by Tobias Klein