commit
664fb7662f
|
@ -5,3 +5,7 @@ RUN apk --update --no-cache add kmod binutils grep perl
|
||||||
COPY . /check
|
COPY . /check
|
||||||
|
|
||||||
ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]
|
ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]
|
||||||
|
|
||||||
|
VOLUME /boot
|
||||||
|
VOLUME /dev/cpu
|
||||||
|
VOLUME /lib/modules
|
||||||
|
|
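Review bot: The three VOLUME lines added after ENTRYPOINT only declare mount points and bind no host path, so a container started without the -v options from the README gets anonymous volumes at /boot, /dev/cpu and /lib/modules rather than the host's files. Add a comment above them saying the host paths must be bind-mounted read-only, or drop the VOLUME lines and rely on the documented -v options and the compose volumes list.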
17
README.md
|
@ -7,9 +7,9 @@ A shell script to tell if your system is vulnerable against the several "specula
|
||||||
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
|
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
|
||||||
- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
|
- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
|
||||||
- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
|
- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
|
||||||
- CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
|
- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
|
||||||
|
- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
|
||||||
**2018-08-15: Foreshadow support is being worked on, vulnerable/immune CPUs are already detected, and kernel-reported vulnerability status is checked, but manual mitigation detection is currently being implemented, will be available in the next few days**
|
- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
|
||||||
|
|
||||||
Supported operating systems:
|
Supported operating systems:
|
||||||
- Linux (all versions, flavors and distros)
|
- Linux (all versions, flavors and distros)
|
||||||
|
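Review bot: Dropping the 2018-08-15 status line from the CVE list is only right if manual mitigation detection for Foreshadow is complete in this same commit, and the three new CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646 entries now appear with no qualifier. The script diff is suppressed on this page, so confirm detection for all three is actually included before removing the notice, or keep a short status line for whatever is still pending.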
@ -49,9 +49,18 @@ sudo ./spectre-meltdown-checker.sh
|
||||||
|
|
||||||
### Run the script in a docker container
|
### Run the script in a docker container
|
||||||
|
|
||||||
|
#### With docker-compose
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker-compose build
|
||||||
|
docker-compose run --rm spectre-meltdown-checker
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Without docker-compose
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker build -t spectre-meltdown-checker .
|
docker build -t spectre-meltdown-checker .
|
||||||
docker run --rm --privileged -v /boot:/boot:ro -v /lib/modules:/lib/modules:ro -v /dev/cpu:/dev/cpu:ro spectre-meltdown-checker
|
docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker
|
||||||
```
|
```
|
||||||
|
|
||||||
## Example of script output
|
## Example of script output
|
||||||
|
|
|
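Review bot: The docker run line under "Without docker-compose" keeps --privileged but has no counterpart to the network_mode: none set on the new compose service, so the two documented ways of running the checker leave the container with different network exposure. Add --network none to the docker run command so both paths match. The reordering of the -v options changes nothing functionally.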
@ -0,0 +1,15 @@
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
spectre-meltdown-checker:
|
||||||
|
build:
|
||||||
|
context: ./
|
||||||
|
dockerfile: ./Dockerfile
|
||||||
|
image: spectre-meltdown-checker:latest
|
||||||
|
container_name: spectre-meltdown-checker
|
||||||
|
privileged: true
|
||||||
|
network_mode: none
|
||||||
|
volumes:
|
||||||
|
- /boot:/boot:ro
|
||||||
|
- /dev/cpu:/dev/cpu:ro
|
||||||
|
- /lib/modules:/lib/modules:ro
|
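Review bot: privileged: true on the spectre-meltdown-checker service carries no comment explaining why full privileges are required, while every bind mount below it is :ro and the network is already set to none. Add a short comment naming what needs it, and consider whether a narrower grant through devices or cap_add entries would be enough for the checks the script performs.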
File diff suppressed because it is too large