checksec(1)                 General Commands Manual                checksec(1)

NAME
     checksec - check executables and kernel properties

SYNOPSIS
     checksec [--options] [file]

DESCRIPTION
     checksec is a bash script used to check the properties of executables
     (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source), library calls
     (Fortify Source), and kernel security options (like GRSecurity and
     SELinux).

Options
     Options specifying input and action:

     --file=filename
             Checks individual files for security features compiled into the
             executable

     --dir=directory
             Recursively checks all executable files in the directory for
             security features compiled into the executables

     --listfile=listfile
             Check all files specified in a newline-separeted text file for
             security features compiled into the executable

     --proc=pid
             Checks the security features of a running process by name

     --proc-all
             Checks the security features of all running processes

     --proc-libs
             Checks the security features of the all libraries of a running
             process ID

     --kernel[=config]
             Checks the security features of the running kernel or a specified
             kernel config

     --fortify-file=filename
             Checks for the use of fortifiable and fortified library functions
             in a file

     --fortify-proc=pid
             Checks for the use of fortifiable and fortified library functions
             in a running process

     Options modifying behavior:

     --debug
             Enable debug-level output.

     --extended
             Check for additional security features (e.g. Clang CFI,
             SafeStack)

     --libcfile=path
             Specify the libc file path or a search path

     --output=(cli|csv|xml|json), or --format=(cli|csv|xml|json)
             Output the results in different formats for ingestion to other
             applications.

     --trace
             Enable bash tracing (set -x).

     Miscellaneous options:

     --debug_report
             Generate a system report and exit.

     -h or --help
             Displays the help text and exit

     --update or --upgrade
             Checks source for a signed update and updates the application if
             available and exit

     --version
             Shows the current version of the running software and exit



DIAGNOSTICS
     The following diagnostics may be issued on stderr:

     Permission Denied.
             For most of the checks you must be root.

SEE ALSO
     hardening-check(1), feature_test_macros(7), gcc(1), ld(1)

HISTORY
     checksec was originally written by Tobias Klein.  This version is
     expanded and maintained by Brian Davis <slimm609@gmail.com>

Linux 6.8.7-arch1-1               March 2023               Linux 6.8.7-arch1-1