1CHECKSEC(1) User Manuals CHECKSEC(1)
3
7 checksec - check executables and kernel properties
8
10 checksec [options] [file]
11
13 checksec is a bash script used to check the properties of executables
14 (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel secu‐
15 rity options (like GRSecurity and SELinux).
16
18 --output= or --format= {cli|csv|xml|json}
19 Output the results in different formats for ingestion to other
20 applications. NOTE: This option must go before any other op‐
21 tions currently
22 --help Displays the help text
24 --file={filename}
26 Checks individual files for security features compiled into the
27 executable
28 --dir={directory}
30 Recursively checks all executable files in the directory for se‐
31 curity features compiled into the executables
32 --proc={pid}
34 Checks the security features of a running process by name
35 --proc-all
37 Checks the security features of all running processes
38 --proc-libs
40 Checks the security features of the all libraries of a running
41 process ID
42 --kernel[=kconfig]
44 Checks the security features of the running kernel or a speci‐
45 fied kernel config
46 --fortify-file={filename}
48 Checks the fortifiability of a file and if any of the fortifi‐
49 able features have already been compiled into the file
50 --fortify-proc={pid}
52 Checks the fortifiability of a running process and if any of the
53 fortifiable features have already been compiled in
54 --version
56 Shows the current version of the running software
57 --update or --upgrade
59 Checks source for a signed update and updates the application if
60 available
61
64 The following diagnostics may be issued on stderr:
65 Permission Denied.
67 For most of the checks you must be root..
68 Debugging
69 --debug option can be specified for debug level output
70
72 Brian Davis <slimm609 at gmail dot com>
73 Checksec was originally written by Tobias Klein
74Linux FEBRUARY 2019 CHECKSEC(1)