checksec.sh

A little tool for quickly surveying the mitigation technologies in use by processes on a Linux system.

Latest Version: v1.5 from 2011

Modern Linux distributions offer some mitigation techniques to make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliably exploiting any vulnerabilities that do exist far more challenging. The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used.

ⓘ Note

You can read more about the origin of the script here. 🧐

Usage Examples.

Check out the Release Notes for examples on how to use checksec.sh, as well as for background information on the features.

Latest Version.

You can download the latest version 1.5 of checksec.sh here.

For information on enhancements and defect fixes, please refer to the Release Notes.

SHA-256:

77b8a7fd9393d10def665658a41176ee745d5c7969a4a0f43cefcc8a4cd90947

Frequently Asked Questions.

What are the prerequisites to run checksec.sh?

checksec.sh depends on Bash version 3.2 and higher. Furthermore, the readelf command, which is part of the binutils package, is required for most of the checks.

When I try to run checksec.sh I get the error message -bash: ./checksec.sh: Permission denied. What am I doing wrong?

It seems that the script file is not executable. Try the following command: chmod +x checksec.sh

Which Linux distributions are supported?

checksec.sh should work on all Linux distributions. I successfully tested the script on Ubuntu Desktop and Server Edition, Fedora, openSUSE and Gentoo (Hardened).

History and Changes.

Version	Date	Changes
1.5	17-Nov-2011	Release Notes
1.4	14-Jan-2011	Release Notes
1.3.1	15-Jun-2010	New License
1.3	04-May-2010	Release Notes
1.2	02-Jan-2010	Release Notes
1.1	27-Dec-2009	Release Notes
1.0	28-Jan-2009	Release Notes