A little tool for quickly surveying the mitigation technologies in use by processes on a Linux system.
Latest Version: v1.5 from 2011
Modern Linux distributions offer some mitigation techniques to make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliably exploiting any vulnerabilities that do exist far more challenging. The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used.
You can read more about the origin of the script here. 🧐
Check out the Release Notes for examples on how to use checksec.sh, as well as for background information on the features.
You can download the latest version 1.5 of checksec.sh here.
For information on enhancements and defect fixes, please refer to the Release Notes.
Frequently Asked Questions.
checksec.sh depends on Bash version 3.2 and higher. Furthermore, the readelf command, which is part of the binutils package, is required for most of the checks.
It seems that the script file is not executable. Try the following command: chmod +x checksec.sh
checksec.sh should work on all Linux distributions. I successfully tested the script on Ubuntu Desktop and Server Edition, Fedora, openSUSE and Gentoo (Hardened).
History and Changes.