How to use the command checksec (with examples)
Checksec is a command that allows you to check the security properties of executables, including binary files, directories, processes, and the running kernel. This article will provide examples and explanations for each of these use cases.
Use case 1: List security properties of an executable binary file
Code:
checksec --file=path/to/binary
Motivation: This use case is useful when you want to examine the security properties of a specific binary file. By using the checksec command, you can get information such as ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), and PIE (Position Independent Executable) for the file.
Explanation:
--file=path/to/binary
: Specifies the path to the binary file that you want to check.
Example output:
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 0 2 path/to/binary
Use case 2: List security properties recursively of all executable files in a directory
Code:
checksec --dir=path/to/directory
Motivation: This use case is helpful when you want to analyze the security properties of multiple executable files within a specific directory. By using the checksec command with the –dir option, you can retrieve the security information of all the executable files in the directory, including ASLR, DEP, and PIE.
Explanation:
--dir=path/to/directory
: Specifies the path to the directory where the executable files are located. The checksec command will recursively search for all executable files within the directory.
Example output:
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
Full RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 0 2 path/to/directory/file1
Partial RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No Symbols No 0 2 path/to/directory/file2
Use case 3: List security properties of a process
Code:
checksec --proc=pid
Motivation: This use case is beneficial when you want to investigate the security properties of a specific process. By using the checksec command with the –proc option, you can obtain the security information of the process, such as ASLR, DEP, and PIE.
Explanation:
--proc=pid
: Specifies the process ID (PID) of the process that you want to check.
Example output:
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable PID
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols No 0 0 1234
Use case 4: List security properties of the running kernel
Code:
checksec --kernel
Motivation: This use case is handy when you want to examine the security properties of the running kernel. By using the checksec command with the –kernel option, you can retrieve information about the kernel’s security features, such as KASLR (Kernel Address Space Layout Randomization) and SMEP (Supervisor Mode Execution Protection).
Explanation:
--kernel
: Specifies that you want to check the security properties of the running kernel.
Example output:
CONFIG_DEFAULT_MMAP_MIN_ADDR: 65536
CONFIG_HARDENED_USERCOPY: Not found
CONFIG_MEMORY_HOTPLUG: Found
CONFIG_MEMORY_FAILURE: Found
KASLR: Enabled
SMEP: Enabled
Conclusion:
The checksec command is a versatile tool for checking the security properties of various components, including binary files, directories, processes, and the kernel. By utilizing its different options, you can analyze and assess the security features of your system, allowing you to identify potential vulnerabilities and take appropriate actions to mitigate them.