Rev-2021101001 Brian Davis * update to 2.5.0 * split checksec into multiple files for easier maintenance and debugging * remove space between options and only support `=` until refactor can happen * Add pre-commit-checks * update License.txt to include BSD license Thanks @mr-segfault * Move to new Arch Linux docker images Thanks @Maryse47 * Add photon support for tests * Check journalctl -k for NX protection Thanks @Tatsh * improve debug formatting Thanks @bmwiedemann * Fix shellcheck warnings and style issues Thanks @a1346054 * Make --dir option follow symlinks Rev-2020081501 Brian Davis * checksec.sh: Updated to 2.4.0 * checksec.sh: checksec_automator.sh add check x-pie-executable Thanks @ja-pa * checksec.sh: Support for list file modifier Thanks @dsuarezv * checksec.sh: Update license Thanks @mr-segfault Rev-2020052701 Brian Davis * checksec.sh: Updated to 2.2.0 * checksec.sh: fix several small issues Thanks @cgzones * checksec.sh: add selfrando checks Thanks @Estella * checksec.sh: fix json validation * checksec.sh: added github actions validation tests * checksec.sh: fix stack protector functions Thanks @cgzones * checksec.sh: improve core dump checks Thanks @cgzones * checksec.sh: Run readelf in wide mode Thanks @cgzones Rev-2019061301 Brian Davis * checksec.sh: Updated to 2.0.0 - Breaking changes in options, no longer support short options * checksec.sh: Rewrite checksec to use getopts and move to all functions * checksec.sh: add MUSL support Thanks g3ngr33n * checksec.sh: fixed coredumpcheck Rev-2019061301 Brian Davis * checksec.sh: adds Clang CFI and SafeStack checks Thanks dobin * checksec.sh: Proc-all proccheck() json fix Thanks etke * checksec.sh: Fix --proc-all json output Thanks etke * checksec.sh: Switch --proc to use pgrep and fix json output Thanks etke * checksec.sh: Fix --proc-libs json output Thanks etke * checksec.sh: Fixed some calls to readelf missing stderr redirection to /dev/null Thanks areisbr * checksec.sh: fixed several issues around json and xml formatting * checksec.sh: fixed fortify source catching false positives Rev-2019011901 Brian Davis * checksec.sh: Updated to 1.11.1 * checksec.sh: resolved issues with readelf * checksec.sh: Added docker images for testing * checksec.sh: Added armhf and aarch64 libc locations Thanks Avamander * checksec.sh: Replace FS_COUNT with fgrep Thanks Iraugusto * checksec.sh: Fixed symbols count in csv Thanks Iraugusto * checksec.sh: Fixed RW-RPATH and RW-RUNPATH Thanks Iraugusto * checksec.sh: Added stack canaries generated by intel compiler Thanks Xavier Brouckaert * checksec.sh: Mute stat errors for non-existent directories Thanks Iraugusto * checksec.sh: Removed invalid json structures and duplicate kernel checks * checksec.sh: fixed spaces in -d option * checksec.sh: Added stack-protector-string check Thanks scottellis * checksec.sh: Add arm64 specific kernel checks Thanks scottellis * checksec.sh: Add REFCOUNT_FULL to kernel tests Thanks scottellis * checksec.sh: Remove OSX support Rev-2018012401 Brian Davis * checksec.sh: Updated to 1.9.0 * checksec.sh: made all kernel checks dependant on kernel version * checksec.sh: moved man page to section 1 * checksec.sh: fixed debug flag * checksec.sh: resolved issue with -d * checksec.sh: fixed stack protector on 4.18+ kernels Thanks cheese * checksec.sh: fixed runpath name in output Thanks philipturnbull * checksec.sh: updated readme for offline testing Thanks matthew-l-weber Rev-2018012401 Brian Davis * checksec.sh: Updated to 1.8.0 * checksec.sh: resolved issue with eu-readelf debug * checksec.sh: shellcheck cleanup Rev-2017080801 Brian Davis * checksec.sh: Cleaned up if statements for proper bash expressions Rev-2016102701 Brian Davis * checksec.sh: updated to 1.7.5 * checksec.sh: added OSX support Thanks Ben Actis * checksec.sh: added space and underscore support Thanks brianmwaters * checksec.sh: cleaned up code formatting Rev-2016022002 Brian Davis * checksec.sh: updated to 1.7.4 * checksec.sh: fixed man page * checksec.sh: added pkg_release option to disable updates for packaged releases * checksec.sh: cleanup up proc-libs Rev-2016021501 Brian Davis * checksec.sh: merged in zsh completion Thanks Vaeth * checksec.sh: added man page for checksec * checksec.sh: updated readme to reflect output in place of format option Rev-2016021501 Brian Davis * checksec.sh: updated to 1.7.3 * checksec.sh: added xml and json validation tests * checksec.sh: fixed xml and json errors from validation tests * checksec.sh: expanded grsecurity checks and cleaned up formatting Rev-2016010502 Brian Davis * checksec.sh: Added some extra debug output and started cleanup. Rev-2016010501 Brian Davis * checksec.sh: Fixed sysctl path issue #20 Thanks hartwork Rev-2015122201 Brian Davis * checksec.sh: Merged in json fixes. Thanks jpouellet Rev-2015122101 Brian Davis * checksec.sh: Merged in passing in command line kernel config, x86 fix and optional tools. Thanks philippedeswert * checksec.sh: split off mandatory tool from optional tools. * checksec.sh: Updated to 1.7.1 * checksec.sh: Added Seccomp tests from olivierlemoal. Rev-2015102001 Brian Davis * checksec.sh: Set static LC_ALL to resolve LANG errors. Resolves Ticket #13 * checksec.sh: Merged in additional kernel options and arch specific options. Ticket #14 Thanks philippedeswert * checksec.sh: Updated to 1.7.0 to support revision releases. * checksec.sh: put in checks to not display checks that are for different architectures. Rev-2015091505 Brian Davis * checksec.sh: added additional debug output for troubleshooting purposes Rev-2015091401 Brian Davis * checksec.sh: added debug option for troubleshooting purposes Rev-2015091301 Brian Davis * checksec.sh: merged in changes for fedora/epel compliance Thanks Besser82 * checksec.sh: updated check binaries on run Thanks Roberto Martelloni Rev-2015060201 Brian Davis * checksec.sh: merged in fortified/fortify-able stats on --file output changed Thanks Roberto Martelloni Rev-2015011201 Brian Davis * checksec.sh: moved checksec.sh to checksec Rev-2014021802 Brian Davis * checksec.sh: merged in RODATA and STRICT_USER_COPY changes Thanks N8Fear Rev-2014021801 Brian Davis * checksec.sh: merged in JIT and MODHARDEN changes Thanks N8Fear Rev-2014021605 Brian Davis * checksec.sh: Changed --update to verify signature of updates. * checksec.sig: file added Rev-2014021601 Brian Davis * checksec.sh: Removed deprecated Kern Heap section Thanks Unspawn 2014-02-14 Brian Davis * checksec.sh: Updated to version 1.6 * checksec.sh: Implemented rev numbers and --update option * checksec.sh: Added SELinux checks as additional checks for kernel security. * checksec.sh: Added update option to pull the latest release * checksec.sh: Added fortify_source to proc-all output. * checksec.sh: Added Json, strict XML and updated Grsecurity section. * checksec.sh: Carried over Robin David's changes with XML and CSV. 2013-10-06 Robin David * add machine-readable outputs like CSV and XML 2011-11-17 Tobias Klein * 1.5 * New checks for rpath and runpath elements in the dynamic sections. Thanks to Ollie Whitehouse. * Other bugfixes and improvements - checksec.sh now takes account of the KBUILD_OUTPUT environment variable when checking the Linux kernel protection mechanisms (--kernel). Thanks to Martin Vaeth for the hint. - Some minor changes and clean-ups. Thanks to Brian Davis. - Ubuntu 11.10 support for --fortify-file and --fortify-proc. 2011-01-14 Tobias Klein * 1.4 * Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc) * Lots of other bugfixes and improvements - Check if the readelf command is available - readelf support for 64-bit ELF files - Check if the requested files and directories do exist - '--dir' is now case-sensitive and correctly deals with trailing slashes - Check user permissions - Etc. 2010-06-15 Tobias Klein * 1.3.1 * New BSD License (http://www.opensource.org/licenses/bsd-license.php) 2010-05-04 Tobias Klein * 1.3 * Additional checks for a number of Linux kernel protection mechanisms. Thanks to Jon Oberheide (jon.oberheide.org). 2010-01-02 Tobias Klein * 1.2 * Additional PaX (http://pax.grsecurity.net/) checks. Thanks to Brad Spengler (grsecurity.net) for the PaX support. * Some minor fixes (coloring adjusted, 'pidof' replacement) 2009-12-27 Tobias Klein * 1.1 * New '--proc-libs' option. This option instructs checksec.sh to test the loaded libraries of a process. * Additional information on ASLR results (--proc, -proc-all, --proc-libs) Thanks to Anthony G. Basile of the Tin Hat project for the hint. * Additional CPU NX check (--proc, --proc-all, --proc-libs) 2009-01-28 Tobias Klein * 1.0 * Initial release