如何檢視一個ELF檔案開啟了哪些安全保護?
https://github.com/slimm609/checksec.sh
checksec
Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source). It has been originally written by Tobias Klein and the original source is available here: http://www.trapkit.de/tools/checksec.html
Updates
Last Update: 2016-10-27
For OSX
Install the binutils via brew brew install binutils
Examples
normal (or –format cli)
$checksec.sh --file /bin/ls RELRO STACK CANARY NX PIE RPATH RUNPATH FILE Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /bin/ls
csv
$ checksec.sh --output csv --file /bin/ls Partial RELRO,Canary found,NX enabled,No PIE,No RPATH,No RUNPATH,/bin/ls
xml
$ checksec.sh --output xml --file /bin/ls <?xml version="1.0" encoding="UTF-8"?> <file relro="partial" canary="yes" nx="yes" pie="no" rpath="no" runpath="no" filename=`/bin/ls`/>
json
$ checksec.sh --output json --file /bin/ls { "file": { "relro":"partial","canary":"yes","nx":"yes","pie":"no","rpath":"no","runpath":"no","filename":"/bin/ls"
Fortify test in cli
$ checksec.sh --fortify-proc 1 * Process name (PID) : init (1) * FORTIFY_SOURCE support available (libc) : Yes * Binary compiled with FORTIFY_SOURCE support: Yes ------ EXECUTABLE-FILE ------- . -------- LIBC -------- FORTIFY-able library functions | Checked function names ------------------------------------------------------- fdelt_chk | __fdelt_chk read | __read_chk syslog_chk | __syslog_chk fprintf_chk | __fprintf_chk vsnprintf_chk | __vsnprintf_chk fgets | __fgets_chk strncpy | __strncpy_chk snprintf_chk | __snprintf_chk memset | __memset_chk strncat_chk | __strncat_chk memcpy | __memcpy_chk fread | __fread_chk sprintf_chk | __sprintf_chk SUMMARY: * Number of checked functions in libc : 78 * Total number of library functions in the executable: 116 * Number of FORTIFY-able functions in the executable : 13 * Number of checked functions in the executable : 7 * Number of unchecked functions in the executable : 6
Kernel test in Cli
$ checksec.sh --kernel * Kernel protection information: Description - List the status of kernel protection mechanisms. Rather than inspect kernel mechanisms that may aid in the prevention of exploitation of userspace processes, this option lists the status of kernel configuration options that harden the kernel itself against attack. Kernel config: /proc/config.gz GCC stack protector support: Enabled Strict user copy checks: Disabled Enforce read-only kernel data: Disabled Restrict /dev/mem access: Enabled Restrict /dev/kmem access: Enabled * grsecurity / PaX: Auto GRKERNSEC Non-executable kernel pages: Enabled Non-executable pages: Enabled Paging Based Non-executable pages: Enabled Restrict MPROTECT: Enabled Address Space Layout Randomization: Enabled Randomize Kernel Stack: Enabled Randomize User Stack: Enabled Randomize MMAP Stack: Enabled Sanitize freed memory: Enabled Sanitize Kernel Stack: Enabled Prevent userspace pointer deref: Enabled Prevent kobject refcount overflow: Enabled Bounds check heap object copies: Enabled JIT Hardening: Enabled Thread Stack Random Gaps: Enabled Disable writing to kmem/mem/port: Enabled Disable privileged I/O: Enabled Harden module auto-loading: Enabled Chroot Protection: Enabled Deter ptrace process snooping: Enabled Larger Entropy Pools: Enabled TCP/UDP Blackhole: Enabled Deter Exploit Bruteforcing: Enabled Hide kernel symbols: Enabled * Kernel Heap Hardening: No KERNHEAP The KERNHEAP hardening patchset is available here: https://www.subreption.com/kernheap/
Kernel Test in XML
$ checksec.sh --output xml --kernel <?xml version="1.0" encoding="UTF-8"?> <kernel config=`/boot/config-3.11-2-amd64` gcc_stack_protector=`yes` strict_user_copy_check=`no` ro_kernel_data=`yes` restrict_dev_mem_access=`yes` restrict_dev_kmem_access=`no`> <grsecurity config=`no` /> <kernheap config=`no` /> </kernel>
Kernel Test in Json
$ checksec.sh --output json --kernel { "kernel": { "KernelConfig":"/boot/config-3.11-2-amd64","gcc_stack_protector":"yes","strict_user_copy_check":"no","ro_kernel_data":"yes","restrict_dev_mem_access":"yes","restrict_dev_kmem_access":"no" },{ "grsecurity_config":"no" },{ "kernheap_config":"no" } }
Warning
Due to the original structure of the script the –output argument should be placed first on the command line arguments. Doing differently would require really big changes in the code.
本文轉自fatshi51CTO部落格,原文連結:http://blog.51cto.com/duallay/1876720 ,如需轉載請自行聯絡原作者
相關文章
- Linux中如何檢視開啟了哪些埠?Linux
- win10怎麼檢視最近修改的檔案_win10如何檢視最近開啟的檔案Win10
- 扒一扒ELF檔案
- Linux如何檢視檔案包含內容?常用指令有哪些?Linux
- Linux檢視檔案的命令有哪些?Linux
- elf檔案格式
- mobi是什麼檔案格式 mobi檔案怎麼開啟檢視
- win10系統mth檔案怎麼開啟_win10如何檢視mth檔案Win10
- ELF檔案中的各個節區
- STL格式檔案用什麼開啟(手機檢視STL檔案工具)
- ELF檔案逆向分析
- sldprt檔案用什麼軟體開啟(手機sldprt檔案檢視器)
- win10最近訪問檔案怎麼檢視_win10檢視最近開啟檔案的步驟Win10
- Python如何檢視安裝了哪些模組?Python
- win10系統ai檔案怎麼檢視_win10系統ai檔案如何開啟Win10AI
- 檢視ELF中資料段哪些變數佔用空間變數
- 檢視檔案
- win10如何檢視heic檔案_win10怎麼檢視heic檔案Win10
- Win10 1909系統hosts檔案如何檢視_win10 1909開啟host檔案位置的方法Win10
- elf檔案處理工具
- 企業及個人如何有效保護資料安全?
- win10 如何檢視raw檔案 win10 如何檢視rawWin10
- 每天一個Linux命令-使用du檢視檔案大小Linux
- 分享一個檢視xhprof資料檔案的docker映象Docker
- 企業檔案安全,你重視了嗎?
- 解讀《資料安全法》,開啟資料安全保護“新思路”
- win10怎樣開啟stp檔案檢視工具_win10系統stp檔案用什麼開啟Win10
- 如何保護電子郵件安全
- 一個檔案的開源專案,開啟你的開源之旅
- 如何檢視遠端埠是否開啟
- 保護MacBook安全,分享5個物理技巧Mac
- Swoole 啟動一個服務,開啟了哪些程式和執行緒?執行緒
- 如何檢查Mac上是否啟用了SIP系統完整性保護Mac
- CRM如何保護客戶資料安全?
- CRM如何保護企業資料安全?
- 如何保護PostgreSQL資料庫安全? | goteleportSQL資料庫Go
- iMazing檔案系統檢視一覽表
- 《個人資訊保護法》深度解讀|企業如何開展個人資訊保護工作?
- Linux中哪個命令可以檢視所有檔案?Linux