checksec

It is not a coincidence that the first post in this still young year is about security. Since I realized last year how far the current internet with its "data capitalism" has strayed from its beginnings, I did a lot of reading to understand the situation in more detail. Data and Goliath by the renowned security expert Bruce Schneier was a depressing eye opener and I am currently still reading his new book Click Here to Kill Everybody which reiterates the problems in light of more recent events. If you are looking for more in depth information from somebody with a long track record, I can strongly recommend those books as a starting point.

Linux Security

One of the lessons I recently learned is that real security is extremely hard to achieve - even by the best in the field. It is also pretty much impossible for a non-specialist to evaluate the security of any given solution without much more transparency into the security design process (threat models) and the implementation methods used to avoid them (protocols, etc.).

The Linux kernel and the GNU tool chains on the other hand offer a variety of hardening features to protect a GNU/Linux system from certain vulnerabilities. Having a tool to quickly evaluation which of those methods are in effect on a given system would be a welcome tool in the toolbox, especially when custom build systems are involved rather than the well known distributions.

The application security expert Tobias Klein provides a nice shell script to do exactly that. As checksec.sh only requires the Bourne Again Shell (bash), it is immediately usable on pretty much every GNU/Linux system out there.

Read more…