- GentOscar checksec.sh # ./checksec --kernel
- * Kernel protection information:
- Description - List the status of kernel protection mechanisms. Rather than
- inspect kernel mechanisms that may aid in the prevention of exploitation of
- userspace processes, this option lists the status of kernel configuration
- options that harden the kernel itself against attack.
- Kernel config:
- /proc/config.gz
- Vanilla Kernel ASLR: Full
- Protected symlinks: Enabled
- Protected hardlinks: Enabled
- Ipv4 reverse path filtering: Enabled
- Ipv6 reverse path filtering: Disabled
- Kernel heap randomization: Enabled
- GCC stack protector support: Enabled
- Restrict /dev/mem access: Disabled
- Restrict /dev/kmem access: Disabled
- * X86 only:
- Strict user copy checks: Disabled
- Address space layout randomization: Disabled
- * Selinux: No SELinux
- SELinux infomation available here:
- http://selinuxproject.org/
- * grsecurity / PaX: Custom GRKERNSEC
- Non-executable kernel pages: Disabled
- Non-executable pages: Disabled
- Paging Based Non-executable pages: Disabled
- Restrict MPROTECT: Disabled
- Address Space Layout Randomization: Enabled
- Randomize Kernel Stack: Enabled
- Randomize User Stack: Enabled
- Randomize MMAP Stack: Enabled
- Sanitize freed memory: Disabled
- Sanitize Kernel Stack: Disabled
- Prevent userspace pointer deref: Disabled
- Prevent kobject refcount overflow: Disabled
- Bounds check heap object copies: Disabled
- JIT Hardening: No BPF JIT
- Thread Stack Random Gaps: Disabled
- Disable writing to kmem/mem/port: Disabled
- Disable privileged I/O: Disabled
- Harden module auto-loading: Enabled
- Chroot Protection: Disabled
- Deter ptrace process snooping: Disabled
- Larger Entropy Pools: Disabled
- TCP/UDP Blackhole: Disabled
- Deter Exploit Bruteforcing: Enabled
- Hide kernel symbols: Enabled
- Pax softmode: Disabled