Skip to main content

checksec.html (Source)

<span style="font-weight:bold;color:green;">dzu@krikkit</span>:<span style="font-weight:bold;color:blue;">~</span>$ checksec.sh --kernel
* Kernel protection information:

  Description - List the status of kernel protection mechanisms. Rather than
  inspect kernel mechanisms that may aid in the prevention of exploitation of
  userspace processes, this option lists the status of kernel configuration
  options that harden the kernel itself against attack.

  Kernel config: <span style="color:olive;">/boot/config-4.19.0-8-amd64</span>

  Warning: The config on disk may not represent running kernel config!

  GCC stack protector support:            <span style="color:red;">Disabled</span>
  Strict user copy checks:                <span style="color:red;">Disabled</span>
  Enforce read-only kernel data:          <span style="color:red;">Disabled</span>
  Restrict /dev/mem access:               <span style="color:green;">Enabled</span>
  Restrict /dev/kmem access:              <span style="color:green;">Enabled</span>

* grsecurity / PaX: <span style="color:red;">No GRKERNSEC</span>

  The grsecurity / PaX patchset is available here:
    http://grsecurity.net/

* Kernel Heap Hardening: <span style="color:red;">No KERNHEAP</span>

  The KERNHEAP hardening patchset is available here:
    https://www.subreption.com/kernheap/

<span style="font-weight:bold;color:green;">dzu@krikkit</span>:<span style="font-weight:bold;color:blue;">~</span>$ exit