NAME¶

checksec - check executables and kernel properties

SYNOPSIS¶

checksec [options] [file]

DESCRIPTION¶

checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).

OPTIONS¶

--output= or --format= {cli|csv|xml|json}: Output the results in different formats for ingestion to other applications. NOTE: This option must go before any other options currently
--help: Displays the help text
--file={filename}: Checks individual files for security features compiled into the executable
--dir={directory}: Recursively checks all executable files in the directory for security features compiled into the executables
--proc={pid}: Checks the security features of a running process by name
--proc-all: Checks the security features of all running processes
--proc-libs: Checks the security features of the all libraries of a running process ID
--kernel[=kconfig]: Checks the security features of the running kernel or a specified kernel config
--fortify-file={filename}: Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file
--fortify-proc={pid}: Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in
--version: Shows the current version of the running software
--update or --upgrade: Checks source for a signed update and updates the application if available

DIAGNOSTICS¶

The following diagnostics may be issued on stderr:

Permission Denied.

For most of the checks you must be root..

Debugging

--debug option can be specified for debug level output

AUTHORS¶

Brian Davis <slimm609 at gmail dot com>
Checksec was originally written by Tobias Klein

FEBRUARY 2019

Linux

Source file:	checksec.1.en.gz (from checksec 2.6.0-2)
Source last updated:	2022-12-17T08:09:32Z
Converted to HTML:	2024-10-21T18:28:31Z