projects / packages / checksec.git / blame
| Commit | Line | Data |
|---|---|---|
| a52bee30 ER |
1 | Summary: Tool to check system for binary-hardening |
| 2 | Name: checksec | |
| 3 | Version: 1.5 | |
| 4 | Release: 1 | |
| 5 | License: BSD | |
| 6 | Group: Development/Tools | |
| 7 | Source0: http://www.trapkit.de/tools/%{name}.sh | |
| 8 | # Source0-md5: 075996be339ab16ad7b94d6de3ee07bd | |
| 9 | Source1: http://www.trapkit.de/tools/%{name}_changes.txt | |
| 10 | # Source1-md5: 03a45df6ac588603c6191dc0a4883531 | |
| 11 | URL: http://www.trapkit.de/tools/checksec.html | |
| 12 | Requires: binutils | |
| 13 | BuildArch: noarch | |
| 14 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
| 15 | ||
| 16 | %description | |
| 17 | Modern Linux distributions offer some mitigation techniques to make it | |
| 18 | harder to exploit software vulnerabilities reliably. Mitigations such | |
| 19 | as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout | |
| 20 | Randomization (ASLR) and Position Independent Executables (PIE) have | |
| 21 | made reliably exploiting any vulnerabilities that do exist far more | |
| 22 | challenging. | |
| 23 | ||
| 24 | The checksec script is designed to test what *standard* Linux OS and | |
| 25 | PaX <http://pax.grsecurity.net/> security features are being used. | |
| 26 | ||
| 27 | As of version 1.3 the script also lists the status of various Linux | |
| 28 | kernel protection mechanisms. | |
| 29 | ||
| 30 | checksec can check binary-files and running processes for hardening | |
| 31 | features. | |
| 32 | ||
| 33 | %prep | |
| 34 | cp -p %{SOURCE1} ChangeLog | |
| 35 | ||
| 36 | %install | |
| 37 | rm -rf $RPM_BUILD_ROOT | |
| 38 | install -d $RPM_BUILD_ROOT%{_bindir} | |
| 39 | install -p %{SOURCE0} $RPM_BUILD_ROOT%{_bindir}/%{name} | |
| 40 | ||
| 41 | %clean | |
| 42 | rm -rf $RPM_BUILD_ROOT | |
| 43 | ||
| 44 | %files | |
| 45 | %defattr(644,root,root,755) | |
| 46 | %doc ChangeLog | |
| 47 | %attr(755,root,root) %{_bindir}/%{name} |