commit
664fb7662f
|
@ -5,3 +5,7 @@ RUN apk --update --no-cache add kmod binutils grep perl
|
|||
COPY . /check
|
||||
|
||||
ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]
|
||||
|
||||
VOLUME /boot
|
||||
VOLUME /dev/cpu
|
||||
VOLUME /lib/modules
|
||||
|
|
17
README.md
17
README.md
|
@ -7,9 +7,9 @@ A shell script to tell if your system is vulnerable against the several "specula
|
|||
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
|
||||
- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
|
||||
- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
|
||||
- CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
|
||||
|
||||
**2018-08-15: Foreshadow support is being worked on, vulnerable/immune CPUs are already detected, and kernel-reported vulnerability status is checked, but manual mitigation detection is currently being implemented, will be available in the next few days**
|
||||
- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
|
||||
- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
|
||||
- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
|
||||
|
||||
Supported operating systems:
|
||||
- Linux (all versions, flavors and distros)
|
||||
|
@ -49,9 +49,18 @@ sudo ./spectre-meltdown-checker.sh
|
|||
|
||||
### Run the script in a docker container
|
||||
|
||||
#### With docker-compose
|
||||
|
||||
```shell
|
||||
docker-compose build
|
||||
docker-compose run --rm spectre-meltdown-checker
|
||||
```
|
||||
|
||||
#### Without docker-compose
|
||||
|
||||
```shell
|
||||
docker build -t spectre-meltdown-checker .
|
||||
docker run --rm --privileged -v /boot:/boot:ro -v /lib/modules:/lib/modules:ro -v /dev/cpu:/dev/cpu:ro spectre-meltdown-checker
|
||||
docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker
|
||||
```
|
||||
|
||||
## Example of script output
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
spectre-meltdown-checker:
|
||||
build:
|
||||
context: ./
|
||||
dockerfile: ./Dockerfile
|
||||
image: spectre-meltdown-checker:latest
|
||||
container_name: spectre-meltdown-checker
|
||||
privileged: true
|
||||
network_mode: none
|
||||
volumes:
|
||||
- /boot:/boot:ro
|
||||
- /dev/cpu:/dev/cpu:ro
|
||||
- /lib/modules:/lib/modules:ro
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue