GentOscar checksec.sh # ./checksec --kernel * Kernel protection information: Description - List the status of kernel protection mechanisms. Rather than inspect kernel mechanisms that may aid in the prevention of exploitation of userspace processes, this option lists the status of kernel configuration options that harden the kernel itself against attack. Kernel config: /proc/config.gz Vanilla Kernel ASLR: Full Protected symlinks: Enabled Protected hardlinks: Enabled Ipv4 reverse path filtering: Enabled Ipv6 reverse path filtering: Disabled Kernel heap randomization: Enabled GCC stack protector support: Enabled Restrict /dev/mem access: Disabled Restrict /dev/kmem access: Disabled * X86 only: Strict user copy checks: Disabled Address space layout randomization: Disabled * Selinux: No SELinux SELinux infomation available here: http://selinuxproject.org/ * grsecurity / PaX: Custom GRKERNSEC Non-executable kernel pages: Disabled Non-executable pages: Disabled Paging Based Non-executable pages: Disabled Restrict MPROTECT: Disabled Address Space Layout Randomization: Enabled Randomize Kernel Stack: Enabled Randomize User Stack: Enabled Randomize MMAP Stack: Enabled Sanitize freed memory: Disabled Sanitize Kernel Stack: Disabled Prevent userspace pointer deref: Disabled Prevent kobject refcount overflow: Disabled Bounds check heap object copies: Disabled JIT Hardening: No BPF JIT Thread Stack Random Gaps: Disabled Disable writing to kmem/mem/port: Disabled Disable privileged I/O: Disabled Harden module auto-loading: Enabled Chroot Protection: Disabled Deter ptrace process snooping: Disabled Larger Entropy Pools: Disabled TCP/UDP Blackhole: Disabled Deter Exploit Bruteforcing: Enabled Hide kernel symbols: Enabled Pax softmode: Disabled