Stéphane Lesimple
49fdc6c449
Merge pull request #51 from cowanml/file_read_check_fixup
...
fixed file read test
2018-01-10 21:39:09 +01:00
Matt Cowan
af3de2a862
fixed file read test
2018-01-10 15:17:14 -05:00
Stéphane Lesimple
c6e1b0ac8a
feat(kernel): add support for LZ4 decompression
2018-01-10 20:10:57 +01:00
Stéphane Lesimple
eb0ebef5a8
fix(opensuse): add specific location for ibrs_enabled file
2018-01-10 17:40:33 +01:00
Stéphane Lesimple
a658de2f01
fix(kernel): fix detection for separate /boot partitions
2018-01-10 16:27:16 +01:00
Stéphane Lesimple
8ed1f5e3af
feat(kernel): check the BOOT_IMAGE info from cmdline before trying the default names
2018-01-10 15:46:29 +01:00
Stéphane Lesimple
ffc542eb82
bump to v0.23 to reflect changes
2018-01-10 15:25:55 +01:00
Stéphane Lesimple
74bc7ba637
add --variant to specify what check we want to run
2018-01-10 15:22:30 +01:00
Marcus Downing
59fe8c2ad8
Error on unknown batch format
2018-01-10 13:57:10 +00:00
Marcus Downing
7c11d07865
Stray tab
2018-01-10 11:59:33 +00:00
Marcus Downing
7c5cfbb8c3
batch nrpe
2018-01-10 11:57:45 +00:00
Marcus Downing
381038eceb
NRPE mode
2018-01-10 11:18:45 +00:00
Stéphane Lesimple
d6e4aa43f0
Merge pull request #37 from deufrai/better-dmesg-support
...
Improve PTI detection
2018-01-09 19:52:45 +01:00
Stéphane Lesimple
e5e09384f0
typofix
2018-01-09 18:54:35 +01:00
Stéphane Lesimple
7222367f04
add disclaimer and bump to 0.21
2018-01-09 18:52:21 +01:00
Stéphane Lesimple
ab512687cf
Merge pull request #38 from Alkorin/fixARM
...
Fix ARM checks
2018-01-09 18:47:25 +01:00
Alkorin
335439dee0
Fix small typo in error message
2018-01-09 18:44:15 +01:00
Alkorin
45297b6f7d
Fix ARM checks
2018-01-09 18:41:48 +01:00
Frederic CORNU
a7b14306d5
Improve PTI detection even more
...
when PTI detection relies on dmesg, dmesg output is checked first
then /var/log/dmesg if dmesg output lacks boot time messages
2018-01-09 18:26:32 +01:00
Frederic CORNU
608952ff71
Improve PTI detection
...
In case of a busy or misconfigured server, kernel message buffer loop
can be filled with messages broadcasted later than boot time. So dmesg
command wont return boot time messages.
Grepping /var/log/dmesg fixes it and this log file location semms pretty
standard across many common distros
2018-01-09 18:17:39 +01:00
Stéphane Lesimple
1c3d349667
Merge pull request #31 from Feandil/batch
...
Add a "batch" and "verbose" mode
2018-01-09 18:12:39 +01:00
Stéphane Lesimple
b93b13263d
fix(pti): remove escapes since we use grep -E now
2018-01-09 16:01:44 +01:00
Vincent Brillault
ad342cab06
Introduce "verbose" and "batch" modes
...
Rewrite the way the output is processed:
- Define verbosity level (currently warn, info (default) & verbose)
- Add a batch mode, for simple machine parsing
2018-01-09 15:58:13 +01:00
Vincent Brillault
5fd85e288b
No-color: interpret string (-e) to be able to mach \x1B
2018-01-09 15:57:10 +01:00
Stéphane Lesimple
322f4efc8f
fix broken logic of 68961f9
, increment version to 0.20
2018-01-09 14:55:12 +01:00
Vincent Brillault
b6bfcdbd45
Move configuration at the beginning of the script
2018-01-09 14:18:02 +01:00
Stéphane Lesimple
68961f98c2
adding known non-vulnerable ARM chips
2018-01-09 13:11:48 +01:00
Stéphane Lesimple
f0f2ea9b11
v0.19: introduce --no-color
2018-01-09 10:32:51 +01:00
Stéphane Lesimple
6f1bdba1d9
bump to v0.18 to reflect changes
2018-01-09 09:21:42 +01:00
Stéphane Lesimple
7b05105a54
Merge pull request #25 from Feandil/proc_config
...
When using /proc/config.gz, indicate it more clearly
2018-01-09 09:19:36 +01:00
Stéphane Lesimple
8aed2d4086
Merge pull request #26 from Feandil/proc_kallsym
...
Use /proc/kallsyms to get symbols, if available
2018-01-09 09:17:18 +01:00
Vincent Brillault
f4140a992a
Use /proc/kallsyms to get symbols, if available
2018-01-09 08:58:09 +01:00
Vincent Brillault
2c51b00a90
When using /proc/config.gz, indicate it more clearly
2018-01-09 08:54:07 +01:00
Stéphane Lesimple
2d94514c07
adding mention of heuristic for variant 1 check
2018-01-09 08:43:52 +01:00
Stéphane Lesimple
0e8f97afbc
Merge pull request #24 from angus-p/Remove-extra-space
...
remove superfluous space from test line 315
2018-01-09 08:34:10 +01:00
angus-p
cc0b325383
remove superfluous space from test line 315
...
Extra space was causing non-existent variable to be tested resulting in 'YES' if running in live mode and IBRS compiled in
2018-01-09 03:47:25 +00:00
Matthew Radcliffe
4454f03136
Increases tmp directory uniqueness to 6 characters to support Slackware
2018-01-08 22:28:55 -05:00
Stéphane Lesimple
949f316f89
missed version bump + README typofix
2018-01-08 23:15:42 +01:00
Stéphane Lesimple
d73a24cb5b
implement offline mode and help
2018-01-08 23:09:17 +01:00
Grim Kriegor
2d33a4369e
Linux-libre support
2018-01-08 21:56:11 +00:00
Stéphane Lesimple
8d4d295309
bump to v0.16 to reflect changes
2018-01-08 17:48:20 +01:00
Stéphane Lesimple
1ff437edbb
Merge pull request #16 from Alkorin/fixes
...
Fixes
2018-01-08 17:45:59 +01:00
Stéphane Lesimple
34656827f5
detect retpoline-compliant compiler from latest LKML patches
2018-01-08 17:32:19 +01:00
Alkorin
8c8a8d35fd
Detect if 'readelf' is present
2018-01-08 16:52:09 +01:00
Alkorin
debd10b517
Detect if 'strings' is present
2018-01-08 16:51:20 +01:00
Alkorin
21f81ff5c9
Detect if uncompress binaries are present
2018-01-08 16:51:14 +01:00
Stéphane Lesimple
206e4b7fbc
add detection of retpoline-aware compiler
2018-01-08 16:28:00 +01:00
Alkorin
1a14483c98
Use 'readelf' instead of 'file' to detect kernel
2018-01-08 15:56:19 +01:00
Alkorin
26564206db
Do not execute checks if we already found that PTI is enabled
2018-01-08 15:56:19 +01:00
Stéphane Lesimple
207168e097
detect if the used compiler supports retpoline (WIP)
2018-01-08 15:45:09 +01:00
Sebastian Wiesinger
c88acdd31d
Remove superfluous 'YES' output when checking cpuinfo
2018-01-08 14:50:59 +01:00
Sebastian Wiesinger
124ce8e27a
Recognize 'kaiser' flag in /proc/cpuinfo
2018-01-08 14:38:43 +01:00
Vincent Brillault
a792348928
RedHat uses a different configuration name
2018-01-08 12:59:12 +01:00
Vincent Brillault
66f7708095
Refactor RedHat support:
...
- Isolate file check to different elif (allowing to add more)
- Do the PTI debugfs check first (faster and supposed to be dynamic)
- If pti_enable is 0, don't trust dmesg (supposed to be dynamic)
2018-01-08 12:59:03 +01:00
Vincent Brillault
34ef5ef21b
Delay umount (for RedHat access to pti_enable)
2018-01-08 12:58:22 +01:00
Stéphane Lesimple
edbdf0da1f
push the lfence opcodes threshold to 70
2018-01-08 12:49:23 +01:00
Alkorin
47c30babf1
Avoid 'cat: /sys/kernel/debug/x86/pti_enabled: Permission denied'
2018-01-08 12:41:28 +01:00
Stéphane Lesimple
ef7a5c4cf6
adding uname -v to get potential additional vendor information
2018-01-08 12:22:56 +01:00
Vincent Brillault
b7197d6f54
Fix debugfs mount check
2018-01-08 12:15:51 +01:00
Stéphane Lesimple
c792fa35bf
add kernel version information to the output
2018-01-08 12:14:12 +01:00
Stéphane Lesimple
d1498fe03f
Merge pull request #5 from fccagou/centos
...
fix(centos): check according to redhat patch.
2018-01-08 12:10:07 +01:00
Stéphane Lesimple
12bdd0e412
root check is now more visible
2018-01-08 11:31:19 +01:00
fccagou
0f50e04dab
fix(centos): check according to redhat patch. https://access.redhat.com/articles/3311301
2018-01-08 11:14:22 +01:00
David Guglielmi
bf056ae73d
Add support for Gentoo genkernel image path
2018-01-08 11:08:53 +01:00
Frederik Schreiber
40a9d43c44
add arch linux bootimage path
2018-01-08 10:36:29 +01:00
Stéphane Lesimple
c1004d5171
fix extract-vmlinux for non-gzip
2018-01-08 09:56:29 +01:00
Stéphane Lesimple
fa0850466e
add some comments, enhance pti detection
2018-01-08 09:37:54 +01:00
Thibault Nélis
1aaca63dcf
Improve "running as root" check
...
Small issue with the USER environment variable:
$ echo $USER
thib
$ sudo sh -c 'echo $USER'
thib
$ sudo -i sh -c 'echo $USER'
root
Rather than recommending users to use sudo --login / -i, use the (very
widespread/portable) id program to retrieve the effective user ID
instead and don't change the recommendation.
$ id -u
1000
$ sudo id -u
0
$ sudo -i id -u
0
2018-01-08 01:22:14 +01:00
Stéphane Lesimple
96dfa03c00
fix for uncompressed vmlinux case
2018-01-08 00:45:12 +01:00
Stéphane Lesimple
05c79425ab
detect kpti directly in vmlinux if option is not there
2018-01-07 22:47:41 +01:00
Stéphane Lesimple
64eb1d005c
add couple missing elses
2018-01-07 18:49:15 +01:00
Stéphane Lesimple
bffda8b3e7
remove dependency on rdmsr
2018-01-07 18:36:56 +01:00
Stéphane Lesimple
13f2133a97
cosmetic fix
2018-01-07 18:14:08 +01:00
Stéphane Lesimple
8c2fd0f0bb
fix MSR reading, need rdmsr for now
2018-01-07 18:13:25 +01:00
Stéphane Lesimple
761c2b80e4
cosmetic fix
2018-01-07 17:19:37 +01:00
Stéphane Lesimple
d6977928e5
msg fix
2018-01-07 17:15:08 +01:00
Stéphane Lesimple
bd4c74331e
add retpolines check
2018-01-07 16:57:14 +01:00
Stéphane Lesimple
82972f8790
fix status unknown for variant 1
2018-01-07 16:32:34 +01:00
Stéphane Lesimple
30de4f6336
remove hardcoded kernel image path
2018-01-07 16:25:50 +01:00
Stéphane Lesimple
9ed1fcd98a
cosmetic + v0.02
2018-01-07 16:22:30 +01:00
Stéphane Lesimple
ef7c0d7ec5
add variant 1 check
2018-01-07 16:16:11 +01:00
Stéphane Lesimple
3b760822ff
fix echo under some shells
2018-01-07 16:00:01 +01:00
Stéphane Lesimple
0201b02313
typofix
2018-01-07 15:37:50 +01:00
Stéphane Lesimple
c937e6603b
add System.map way of detecting kpti build
2018-01-07 15:36:05 +01:00
Stéphane Lesimple
4211178b3a
v0.01
2018-01-07 15:00:59 +01:00