| Author | Commit | Message | Date |
|---|---|---|---|
| Stéphane Lesimple | 59714011db | refactor: IBRS_ALL & RDCL_NO are Intel-only | 2018-04-10 22:51:45 +02:00 |
| Stéphane Lesimple | 51e8261a32 | refactor: separate hw checks for Intel & AMD | 2018-04-10 22:49:28 +02:00 |
| Stéphane Lesimple | 2a4bfad835 | refactor: add is_amd and is_intel funcs | 2018-04-10 22:49:28 +02:00 |
| Stéphane Lesimple | 7e52cea66e | feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix | 2018-04-10 22:49:28 +02:00 |
| Benjamin Bouvier | 417d7aab91 | Fix trailing whitespace and mixed indent styles; | 2018-04-10 22:42:47 +02:00 |
| Sylvestre Ledru | 67bf761029 | Fix some user facing typos with codespell -w -q3 . | 2018-04-08 18:44:13 +02:00 |
| Stéphane Lesimple | 0eabd266ad | refactor: decrease default verbosity for some tests | 2018-04-05 22:20:16 +02:00 |
| Stéphane Lesimple | b77fb0f226 | fix: don't override ibrs/ibpb results with later tests | 2018-04-05 22:04:20 +02:00 |
| Stéphane Lesimple | 89c2e0fb21 | fix(amd): show cpuinfo and ucode details | 2018-04-05 21:39:27 +02:00 |
| Stéphane Lesimple | b88f32ed95 | feat: print raw cpuid, and fetch ucode version under BSD | 2018-04-05 00:07:12 +02:00 |
| Stéphane Lesimple | 7a4ebe8009 | refactor: rewrite read_cpuid to get more common code parts between BSD and Linux | 2018-04-05 00:06:24 +02:00 |
| Stéphane Lesimple | 0919f5c236 | feat: add explanations of what to do when a vulnerability is not mitigated | 2018-04-05 00:03:04 +02:00 |
| Stéphane Lesimple | de02dad909 | feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels | 2018-04-05 00:01:54 +02:00 |
| Stéphane Lesimple | 07484d0ea7 | add dump of variables at end of script in debug mode | 2018-04-04 23:58:15 +02:00 |
| Stéphane Lesimple | a8b557b9e2 | fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture | 2018-04-03 19:36:28 +02:00 |
| Stéphane Lesimple | 619b2749d8 | fix(sysfs): only check for sysfs for spectre2 when in live mode | 2018-04-03 19:32:36 +02:00 |
| Stéphane Lesimple | 056ed00baa | feat(arm): detect spectre variant 1 mitigation | 2018-04-03 15:52:25 +02:00 |
| Stéphane Lesimple | aef99d20f3 | fix(pti): when PTI activation is unknown, don't say we're vulnerable | 2018-04-03 12:45:17 +02:00 |
| Stéphane Lesimple | e2d7ed2243 | feat(arm): support for variant2 and meltdown mitigation detection | 2018-04-01 17:50:18 +02:00 |
| Stéphane Lesimple | eeaeff8ec3 | set version to v0.36+ for master branch between releases | 2018-04-01 17:45:01 +02:00 |
| Stéphane Lesimple | f5269a362a | feat(bsd): add retpoline detection for BSD | 2018-04-01 17:42:29 +02:00 |
| Stéphane Lesimple | f3883a37a0 | fix(xen): adjust message for DomUs w/ sysfs | 2018-03-31 13:44:04 +02:00 |
| Stéphane Lesimple | b6fd69a022 | release: v0.36 | 2018-03-27 23:08:38 +02:00 |
| Stéphane Lesimple | 7adb7661f3 | enh: change colors and use red only to report vulnerability | 2018-03-25 18:15:08 +02:00 |
| Stéphane Lesimple | aa74315df4 | feat: speed up kernel version detection | 2018-03-25 13:42:19 +02:00 |
| Stéphane Lesimple | 0b8a09ec70 | fix: mis adjustments for BSD compat | 2018-03-25 13:26:00 +02:00 |
| Stéphane Lesimple | b42d8f2f27 | fix(write_msr): use /dev/zero instead of manually echoing zeroes | 2018-03-25 12:53:50 +02:00 |
| Stéphane Lesimple | f191ec7884 | feat: add --hw-only to only show CPU microcode/cpuid/msr details | 2018-03-25 12:48:37 +02:00 |
| Stéphane Lesimple | 28da7a0103 | misc: message clarifications | 2018-03-25 12:48:03 +02:00 |
| Stéphane Lesimple | ece25b98a1 | feat: implement support for NetBSD/FreeBSD/DragonFlyBSD | 2018-03-25 12:28:02 +02:00 |
| Stéphane Lesimple | 889172dbb1 | feat: add special extract_vmlinux mode for old RHEL kernels | 2018-03-25 11:55:44 +02:00 |
| Stéphane Lesimple | 37ce032888 | fix: bypass MSR/CPUID checks for non-x86 CPUs | 2018-03-25 11:55:44 +02:00 |
| Stéphane Lesimple | 701cf882ad | feat: more robust validation of extracted kernel image | 2018-03-25 11:55:44 +02:00 |
| Stéphane Lesimple | 6a94c3f158 | feat(extract_vmlinux): look for ELF magic in decompressed blob and cut at found offset | 2018-03-25 11:55:42 +02:00 |
| Stéphane Lesimple | 2d993812ab | feat: add --prefix-arch for cross-arch kernel inspection | 2018-03-25 11:55:10 +02:00 |
| Stéphane Lesimple | 4961f8327f | fix(ucode): fix blacklist detection for some ucode versions | 2018-03-19 12:09:39 +01:00 |
| Alex | ecdc448531 | Check MSR in each CPU/Thread (#136) | 2018-03-17 17:17:15 +01:00 |
| Stéphane Lesimple | 12ea49fe0c | fix(kvm): properly detect PVHVM mode (fixes #163) | 2018-03-16 18:29:58 +01:00 |
| Stéphane Lesimple | 053f1613de | fix(doc): use https:// URLs in the script comment header | 2018-03-16 18:24:59 +01:00 |
| Stéphane Lesimple | bda18d04a0 | fix: pine64: re-add vmlinuz location and some error checks | 2018-03-10 16:02:44 +01:00 |
| Stéphane Lesimple | d5832dc1dc | feat: add ELF magic detection on kernel image blob for some arm64 systems | 2018-03-10 14:57:25 +01:00 |
| Stéphane Lesimple | d2f46740e9 | feat: enhance kernel image version detection for some old kernels | 2018-03-10 14:57:25 +01:00 |
| Sam Morris | 2f6a6554a2 | Produce output for consumption by prometheus-node-exporter<br>A report of all vulnerable machines to be produced with a query such as:<br>spexec_vuln_status{status!="OK"} | 2018-02-27 11:08:39 +01:00 |
| Stéphane Lesimple | 30842dd9c0 | release: bump to v0.35 | 2018-02-16 10:35:49 +01:00 |
| Stéphane Lesimple | b4ac5fcbe3 | feat(variant2): better explanation when kernel supports IBRS but CPU does not | 2018-02-16 10:34:01 +01:00 |
| Stéphane Lesimple | 55a6fd3911 | feat(variant1): better detection for Red Hat/Ubuntu patch | 2018-02-15 21:19:49 +01:00 |
| Sylvestre Ledru | 35c8a63de6 | Remove the color in the title | 2018-02-15 20:21:00 +01:00 |
| Stéphane Lesimple | 5f914e555e | fix(xen): declare Xen's PTI patch as a valid mitigation for variant3 | 2018-02-14 14:24:55 +01:00 |
| Stéphane Lesimple | 66dce2c158 | fix(ucode): update blacklisted ucodes list from latest Intel info | 2018-02-14 14:14:16 +01:00 |
| Calvin Walton | 155cac2102 | Teach checker how to find kernels installed by systemd kernel-install | 2018-02-10 20:51:33 +01:00 |