1CHECKSEC(1) User Manuals CHECKSEC(1)
3
7 checksec - check executables and kernel properties
8
10 checksec [options] [file]
11
13 checksec is a bash script used to check the properties of executables
14 (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel secu‐
15 rity options (like GRSecurity and SELinux).
16
18 -o or --output or --format {cli|csv|xml|json}
19 Output the results in different formats for ingestion to other
20 applications. NOTE: This option must go before any other
21 options currently
22 -h or --help
24 Displays the help text
25 -f or --file
27 Checks individual files for security features compiled into the
28 executable
29 -d or --dir
31 Recursively checks all executable files in the directory for
32 security features compiled into the executables
33 -p or --proc
35 Checks the security features of a running process by name
36 -pa or --proc-all
38 Checks the security features of all running processes
39 -pl or --proc-libs
41 Checks the security features of the all libraries of a running
42 process ID
43 -k or --kernel
45 Checks the security features of the running kernel or a speci‐
46 fied kernel config
47 -ff or --fortify-file
49 Checks the fortifiability of a file and if any of the fortifi‐
50 able features have already been compiled into the file
51 -fp or --fortify-proc
53 Checks the fortifiability of a running process and if any of the
54 fortifiable features have already been compiled in
55 --version
57 Shows the current version of the running software
58 -u or --update or --upgrade
60 Checks source for a signed update and updates the application if
61 available
62
65 The following diagnostics may be issued on stderr:
66 Permission Denied.
68 For most of the checks you must be root..
69 Debugging
70 --debug option can be specified for debug level output
71
73 Brian Davis <slimm609 at gmail dot com>
74 Checksec was originally written by Tobias Klein
75Linux FEBURARY 2016 CHECKSEC(1)