checksec (7) Linux Manual Page

checksec – check executables and kernel properties

Synopsis

checksec [options] [file]

Description

checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).

Options

-o or –output or –format {cli|csv|xml|json}

Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently

-h or –help

Displays the help text

-f or –file

Checks individual files for security features compiled into the executable

-d or –dir

Recursively checks all executable files in the directory for security features compiled into the executables

-p or –proc

Checks the security features of a running process by name

-pa or –proc-all

Checks the security features of all running processes

-pl or –proc-libs

Checks the security features of the all libraries of a running process ID

-k or –kernel

Checks the security features of the running kernel or a specified kernel config

-ff or –fortify-file

Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file

-fp or –fortify-proc

Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in

–version

Shows the current version of the running software

-u or –update or –upgrade

Checks source for a signed update and updates the application if available

Diagnostics

The following diagnostics may be issued on stderr:
  Permission Denied.

For most of the checks you must be root..

Debugging

–debug option can be specified for debug level output

Authors

Brian Davis <slimm609 at gmail dot com> Checksec was originally written by Tobias Klein