-
Notifications
You must be signed in to change notification settings - Fork 302
/
ChangeLog
293 lines (290 loc) · 11.5 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
Rev-2024042601 Brian Davis <[email protected]>
* Update to 2.7.1
* checksec FORTIFY detection (#236)
Thanks @teoberi
* Fix duplicate entries in fortify count
* update tests
Rev-2024042101 Brian Davis <[email protected]>
* Update to 2.7.0
* libc cleanup
* Added github pages
* Check kernel for YAMA
Thanks @cgzones
* Fix Nx checks
* Move github primary branch from master to main
* Update gitattributes
Thanks @calebTree
* Allow setting a libc file
Thanks @sreschke80
* Add tests for listfile
Thanks @ysmaoui
* Fix trailing comma with listfile
Thanks @ysmaoui
* Several shellcheck fixes
Thanks @ysmaoui
* If no header is present, return N/A for Relro and nx
Thanks @petervas
* Remove superfluous -W flags
Thanks @petervas
* Fix broken Nx checks
Thanks @petervas
* change default libc search path from / to /lib
Thanks @petervas
* Cleanup grep
Thanks @petervas
* Rewrite man page in mdoc
Thanks @Artoria2e5
* Remove s_readelf
Thanks @petervas
* Fix stack protection and full relro check
Thanks @petervas
* Add tests suite for hardening checks
Thanks @petervas
* Speed up FS_comparison by 10x
Thanks @Artoria2e5
* Make shellcheck only run on final script
Thanks @Artoria2e5
* Fix debug exit check
Thanks @katexochen
* Use Dynamic Section if there is no symbols table
Thanks @ffontaine
* Check fortify vs fortified
Thanks @azat
Rev-2022052701 Brian Davis <[email protected]>
* update to 2.6.0
* fix missing sysctl on fedora
Thanks @spdfnet
* remove extra parenthesis
Thanks @koobs
* add missing libc on LoongArch-64
Thanks @xiaoxiaoafeifei
Rev-2021101001 Brian Davis <[email protected]>
* update to 2.5.0
* split checksec into multiple files for easier maintenance and debugging
* remove space between options and only support `=` until refactor can happen
* Add pre-commit-checks
* update License.txt to include BSD license
Thanks @mr-segfault
* Move to new Arch Linux docker images
Thanks @Maryse47
* Add photon support for tests
* Check journalctl -k for NX protection
Thanks @Tatsh
* improve debug formatting
Thanks @bmwiedemann
* Fix shellcheck warnings and style issues
Thanks @a1346054
* Make --dir option follow symlinks
Rev-2020081501 Brian Davis <[email protected]>
* checksec.sh: Updated to 2.4.0
* checksec.sh: checksec_automator.sh add check x-pie-executable
Thanks @ja-pa
* checksec.sh: Support for list file modifier
Thanks @dsuarezv
* checksec.sh: Update license
Thanks @mr-segfault
Rev-2020052701 Brian Davis <[email protected]>
* checksec.sh: Updated to 2.2.0
* checksec.sh: fix several small issues
Thanks @cgzones
* checksec.sh: add selfrando checks
Thanks @Estella
* checksec.sh: fix json validation
* checksec.sh: added github actions validation tests
* checksec.sh: fix stack protector functions
Thanks @cgzones
* checksec.sh: improve core dump checks
Thanks @cgzones
* checksec.sh: Run readelf in wide mode
Thanks @cgzones
Rev-2019061301 Brian Davis <[email protected]>
* checksec.sh: Updated to 2.0.0 - Breaking changes in options, no longer support short options
* checksec.sh: Rewrite checksec to use getopts and move to all functions
* checksec.sh: add MUSL support
Thanks g3ngr33n
* checksec.sh: fixed coredumpcheck
Rev-2019061301 Brian Davis <[email protected]>
* checksec.sh: adds Clang CFI and SafeStack checks
Thanks dobin
* checksec.sh: Proc-all proccheck() json fix
Thanks etke
* checksec.sh: Fix --proc-all json output
Thanks etke
* checksec.sh: Switch --proc to use pgrep and fix json output
Thanks etke
* checksec.sh: Fix --proc-libs json output
Thanks etke
* checksec.sh: Fixed some calls to readelf missing stderr redirection to /dev/null
Thanks areisbr
* checksec.sh: fixed several issues around json and xml formatting
* checksec.sh: fixed fortify source catching false positives
Rev-2019011901 Brian Davis <[email protected]>
* checksec.sh: Updated to 1.11.1
* checksec.sh: resolved issues with readelf
* checksec.sh: Added docker images for testing
* checksec.sh: Added armhf and aarch64 libc locations
Thanks Avamander
* checksec.sh: Replace FS_COUNT with fgrep
Thanks Iraugusto
* checksec.sh: Fixed symbols count in csv
Thanks Iraugusto
* checksec.sh: Fixed RW-RPATH and RW-RUNPATH
Thanks Iraugusto
* checksec.sh: Added stack canaries generated by intel compiler
Thanks Xavier Brouckaert
* checksec.sh: Mute stat errors for non-existent directories
Thanks Iraugusto
* checksec.sh: Removed invalid json structures and duplicate kernel checks
* checksec.sh: fixed spaces in -d option
* checksec.sh: Added stack-protector-string check
Thanks scottellis
* checksec.sh: Add arm64 specific kernel checks
Thanks scottellis
* checksec.sh: Add REFCOUNT_FULL to kernel tests
Thanks scottellis
* checksec.sh: Remove OSX support
Rev-2018012401 Brian Davis <[email protected]>
* checksec.sh: Updated to 1.9.0
* checksec.sh: made all kernel checks dependant on kernel version
* checksec.sh: moved man page to section 1
* checksec.sh: fixed debug flag
* checksec.sh: resolved issue with -d
* checksec.sh: fixed stack protector on 4.18+ kernels
Thanks cheese
* checksec.sh: fixed runpath name in output
Thanks philipturnbull
* checksec.sh: updated readme for offline testing
Thanks matthew-l-weber
Rev-2018012401 Brian Davis <[email protected]>
* checksec.sh: Updated to 1.8.0
* checksec.sh: resolved issue with eu-readelf debug
* checksec.sh: shellcheck cleanup
Rev-2017080801 Brian Davis <[email protected]>
* checksec.sh: Cleaned up if statements for proper bash expressions
Rev-2016102701 Brian Davis <[email protected]>
* checksec.sh: updated to 1.7.5
* checksec.sh: added OSX support
Thanks Ben Actis
* checksec.sh: added space and underscore support
Thanks brianmwaters
* checksec.sh: cleaned up code formatting
Rev-2016022002 Brian Davis <[email protected]>
* checksec.sh: updated to 1.7.4
* checksec.sh: fixed man page
* checksec.sh: added pkg_release option to disable updates for packaged releases
* checksec.sh: cleanup up proc-libs
Rev-2016021501 Brian Davis <[email protected]>
* checksec.sh: merged in zsh completion
Thanks Vaeth
* checksec.sh: added man page for checksec
* checksec.sh: updated readme to reflect output in place of format option
Rev-2016021501 Brian Davis <[email protected]>
* checksec.sh: updated to 1.7.3
* checksec.sh: added xml and json validation tests
* checksec.sh: fixed xml and json errors from validation tests
* checksec.sh: expanded grsecurity checks and cleaned up formatting
Rev-2016010502 Brian Davis <[email protected]>
* checksec.sh: Added some extra debug output and started cleanup.
Rev-2016010501 Brian Davis <[email protected]>
* checksec.sh: Fixed sysctl path issue #20
Thanks hartwork
Rev-2015122201 Brian Davis <[email protected]>
* checksec.sh: Merged in json fixes.
Thanks jpouellet
Rev-2015122101 Brian Davis <[email protected]>
* checksec.sh: Merged in passing in command line kernel config, x86 fix and optional tools.
Thanks philippedeswert
* checksec.sh: split off mandatory tool from optional tools.
* checksec.sh: Updated to 1.7.1
* checksec.sh: Added Seccomp tests from olivierlemoal.
Rev-2015102001 Brian Davis <[email protected]>
* checksec.sh: Set static LC_ALL to resolve LANG errors. Resolves Ticket #13
* checksec.sh: Merged in additional kernel options and arch specific options. Ticket #14
Thanks philippedeswert
* checksec.sh: Updated to 1.7.0 to support revision releases.
* checksec.sh: put in checks to not display checks that are for different architectures.
Rev-2015091505 Brian Davis <[email protected]>
* checksec.sh: added additional debug output for troubleshooting purposes
Rev-2015091401 Brian Davis <[email protected]>
* checksec.sh: added debug option for troubleshooting purposes
Rev-2015091301 Brian Davis <[email protected]>
* checksec.sh: merged in changes for fedora/epel compliance
Thanks Besser82
* checksec.sh: updated check binaries on run
Thanks Roberto Martelloni
Rev-2015060201 Brian Davis <[email protected]>
* checksec.sh: merged in fortified/fortify-able stats on --file output changed
Thanks Roberto Martelloni
Rev-2015011201 Brian Davis <[email protected]>
* checksec.sh: moved checksec.sh to checksec
Rev-2014021802 Brian Davis <[email protected]>
* checksec.sh: merged in RODATA and STRICT_USER_COPY changes
Thanks N8Fear
Rev-2014021801 Brian Davis <[email protected]>
* checksec.sh: merged in JIT and MODHARDEN changes
Thanks N8Fear
Rev-2014021605 Brian Davis <[email protected]>
* checksec.sh: Changed --update to verify signature of updates.
* checksec.sig: file added
Rev-2014021601 Brian Davis <[email protected]>
* checksec.sh: Removed deprecated Kern Heap section
Thanks Unspawn
2014-02-14 Brian Davis <[email protected]>
* checksec.sh: Updated to version 1.6
* checksec.sh: Implemented rev numbers and --update option
* checksec.sh: Added SELinux checks as additional checks for kernel security.
* checksec.sh: Added update option to pull the latest release
* checksec.sh: Added fortify_source to proc-all output.
* checksec.sh: Added Json, strict XML and updated Grsecurity section.
* checksec.sh: Carried over Robin David's changes with XML and CSV.
2013-10-06 Robin David <[email protected]>
* add machine-readable outputs like CSV and XML
2011-11-17 Tobias Klein <[email protected]>
* 1.5
* New checks for rpath and runpath elements in the dynamic sections.
Thanks to Ollie Whitehouse.
* Other bugfixes and improvements
- checksec.sh now takes account of the KBUILD_OUTPUT
environment variable when checking the Linux kernel
protection mechanisms (--kernel).
Thanks to Martin Vaeth for the hint.
- Some minor changes and clean-ups. Thanks to Brian Davis.
- Ubuntu 11.10 support for --fortify-file and --fortify-proc.
2011-01-14 Tobias Klein <[email protected]>
* 1.4
* Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc)
* Lots of other bugfixes and improvements
- Check if the readelf command is available
- readelf support for 64-bit ELF files
- Check if the requested files and directories do exist
- '--dir' is now case-sensitive and correctly deals with
trailing slashes
- Check user permissions
- Etc.
2010-06-15 Tobias Klein <[email protected]>
* 1.3.1
* New BSD License
(http://www.opensource.org/licenses/bsd-license.php)
2010-05-04 Tobias Klein <[email protected]>
* 1.3
* Additional checks for a number of Linux kernel
protection mechanisms.
Thanks to Jon Oberheide (jon.oberheide.org).
2010-01-02 Tobias Klein <[email protected]>
* 1.2
* Additional PaX (http://pax.grsecurity.net/) checks.
Thanks to Brad Spengler (grsecurity.net) for the PaX
support.
* Some minor fixes (coloring adjusted, 'pidof' replacement)
2009-12-27 Tobias Klein <[email protected]>
* 1.1
* New '--proc-libs' option. This option instructs
checksec.sh to test the loaded libraries of a process.
* Additional information on ASLR results (--proc,
-proc-all, --proc-libs)
Thanks to Anthony G. Basile of the Tin Hat project
for the hint.
* Additional CPU NX check (--proc, --proc-all, --proc-libs)
2009-01-28 Tobias Klein <[email protected]>
* 1.0
* Initial release