Merge 6f00ca89c3
into f8ca11e56a
This commit is contained in:
commit
1ef2e2ca81
|
@ -2,6 +2,7 @@
|
||||||
# Spectre & Meltdown checker
|
# Spectre & Meltdown checker
|
||||||
# Stephane Lesimple
|
# Stephane Lesimple
|
||||||
VERSION=0.13
|
VERSION=0.13
|
||||||
|
exitcode=7
|
||||||
|
|
||||||
# print status function
|
# print status function
|
||||||
pstatus()
|
pstatus()
|
||||||
|
@ -135,7 +136,7 @@ fi
|
||||||
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
||||||
[ "$status" = 0 ] && pstatus yellow UNKNOWN
|
[ "$status" = 0 ] && pstatus yellow UNKNOWN
|
||||||
[ "$status" = 1 ] && pstatus red VULNERABLE
|
[ "$status" = 1 ] && pstatus red VULNERABLE
|
||||||
[ "$status" = 2 ] && pstatus green 'NOT VULNERABLE'
|
[ "$status" = 2 ] && pstatus green 'NOT VULNERABLE' && exitcode=$((exitcode - 1))
|
||||||
|
|
||||||
###########
|
###########
|
||||||
# VARIANT 2
|
# VARIANT 2
|
||||||
|
@ -232,10 +233,13 @@ fi
|
||||||
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
||||||
if grep -q AMD /proc/cpuinfo; then
|
if grep -q AMD /proc/cpuinfo; then
|
||||||
pstatus green "NOT VULNERABLE" "your CPU is not vulnerable as per the vendor"
|
pstatus green "NOT VULNERABLE" "your CPU is not vulnerable as per the vendor"
|
||||||
|
exitcode=$((exitcode - 2))
|
||||||
elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ]; then
|
elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ]; then
|
||||||
pstatus green "NOT VULNERABLE" "IBRS mitigates the vulnerability"
|
pstatus green "NOT VULNERABLE" "IBRS mitigates the vulnerability"
|
||||||
|
exitcode=$((exitcode - 2))
|
||||||
elif [ "$retpoline" = 1 ]; then
|
elif [ "$retpoline" = 1 ]; then
|
||||||
pstatus green "NOT VULNERABLE" "retpolines mitigate the vulnerability"
|
pstatus green "NOT VULNERABLE" "retpolines mitigate the vulnerability"
|
||||||
|
exitcode=$((exitcode - 2))
|
||||||
else
|
else
|
||||||
pstatus red VULNERABLE "IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability"
|
pstatus red VULNERABLE "IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability"
|
||||||
fi
|
fi
|
||||||
|
@ -315,8 +319,10 @@ fi
|
||||||
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
/bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
|
||||||
if grep -q AMD /proc/cpuinfo; then
|
if grep -q AMD /proc/cpuinfo; then
|
||||||
pstatus green "NOT VULNERABLE" "your CPU is not vulnerable as per the vendor"
|
pstatus green "NOT VULNERABLE" "your CPU is not vulnerable as per the vendor"
|
||||||
|
exitcode=$((exitcode - 4))
|
||||||
elif [ "$kpti_enabled" = 1 ]; then
|
elif [ "$kpti_enabled" = 1 ]; then
|
||||||
pstatus green "NOT VULNERABLE" "PTI mitigates the vulnerability"
|
pstatus green "NOT VULNERABLE" "PTI mitigates the vulnerability"
|
||||||
|
exitcode=$((exitcode - 4))
|
||||||
else
|
else
|
||||||
pstatus red "VULNERABLE" "PTI is needed to mitigate the vulnerability"
|
pstatus red "VULNERABLE" "PTI is needed to mitigate the vulnerability"
|
||||||
fi
|
fi
|
||||||
|
@ -324,3 +330,5 @@ fi
|
||||||
/bin/echo
|
/bin/echo
|
||||||
|
|
||||||
[ -n "$vmlinux" -a -f "$vmlinux" ] && rm -f "$vmlinux"
|
[ -n "$vmlinux" -a -f "$vmlinux" ] && rm -f "$vmlinux"
|
||||||
|
|
||||||
|
exit $exitcode
|
||||||
|
|
Loading…
Reference in New Issue