1
2CHECKSEC(1)                      User Manuals                      CHECKSEC(1)
3
4
5

NAME

7       checksec - check executables and kernel properties
8

SYNOPSIS

10       checksec [options] [file]
11

DESCRIPTION

13       checksec  is  a bash script used to check the properties of executables
14       (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel secu‐
15       rity options (like GRSecurity and SELinux).
16

OPTIONS

18       --output= or --format= {cli|csv|xml|json}
19              Output  the  results in different formats for ingestion to other
20              applications.  NOTE: This option must go before  any  other  op‐
21              tions currently
22
23       --help Displays the help text
24
25       --file={filename}
26              Checks  individual files for security features compiled into the
27              executable
28
29       --dir={directory}
30              Recursively checks all executable files in the directory for se‐
31              curity features compiled into the executables
32
33       --proc={pid}
34              Checks the security features of a running process by name
35
36       --proc-all
37              Checks the security features of all running processes
38
39       --proc-libs
40              Checks  the  security features of the all libraries of a running
41              process ID
42
43       --kernel[=kconfig]
44              Checks the security features of the running kernel or  a  speci‐
45              fied kernel config
46
47       --fortify-file={filename}
48              Checks  the  fortifiability of a file and if any of the fortifi‐
49              able features have already been compiled into the file
50
51       --fortify-proc={pid}
52              Checks the fortifiability of a running process and if any of the
53              fortifiable features have already been compiled in
54
55       --version
56              Shows the current version of the running software
57
58       --update or --upgrade
59              Checks source for a signed update and updates the application if
60              available
61
62

DIAGNOSTICS

64       The following diagnostics may be issued on stderr:
65
66       Permission Denied.
67              For most of the checks you must be root..
68       Debugging
69              --debug option can be specified for debug level output
70

AUTHORS

72       Brian Davis <slimm609 at gmail dot com>
73       Checksec was originally written by Tobias Klein
74
75
76
77Linux                            FEBRUARY 2019                     CHECKSEC(1)
Impressum