Commit Graph

268 Commits

Author SHA1 Message Date
M. Willis Monroe
d3f102b3b3 Typofix in readme (#61) 2018-01-12 13:58:04 +01:00
M. Willis Monroe
8bd093173d Fixed a few spelling errors (#60) 2018-01-12 11:46:36 +01:00
Stéphane Lesimple
bfe5a3b840 add some debug 2018-01-12 10:53:19 +01:00
Stéphane Lesimple
6a0242eea3 bump to v0.27 2018-01-11 15:36:41 +01:00
Stéphane Lesimple
bc4e39038a fix(opcodes): fix regression introduced in previous commit
We were saying unknown instead of vulnerable when the count of lfence opcodes was low
This was not impacting batch mode or the final decision, just the human-readable output of the script.
2018-01-11 15:35:57 +01:00
Stéphane Lesimple
62f8ed6f61
adding support for new /sys interface (#55)
* adding support for new /sys interface
* fix(objdump): prefer -d instead of -D, some kernels crash objdump otherwise
2018-01-11 12:23:16 +01:00
Gianluca Varisco
56b67f8082 Typo in README (#54) 2018-01-11 12:01:31 +01:00
Tobias Rüetschi
52a8f78885 send warning to stderr. (#53)
With --batch json there must not be any other output on stdout, so redirect warnings to stderr will show the warning on the console and only the json output is on stdout.
2018-01-11 09:55:43 +01:00
Stéphane Lesimple
a09a5ba38f bump to v0.25 to reflect changes 2018-01-11 09:08:29 +01:00
Abdoul Bah
5a7d8d7edf Produce JSON output formatted for Puppet, Ansible, Chef... (#50)
Produce JSON output formatted for Puppet, Ansible, Chef...
2018-01-11 09:04:13 +01:00
Stéphane Lesimple
49fdc6c449
Merge pull request #51 from cowanml/file_read_check_fixup
fixed file read test
2018-01-10 21:39:09 +01:00
Matt Cowan
af3de2a862 fixed file read test 2018-01-10 15:17:14 -05:00
Stéphane Lesimple
c6e1b0ac8a feat(kernel): add support for LZ4 decompression 2018-01-10 20:10:57 +01:00
Stéphane Lesimple
b913dacc1b
Merge pull request #48 from speed47/opensuse
fix(opensuse): add specific location for ibrs_enabled file
2018-01-10 18:41:30 +01:00
Stéphane Lesimple
eb0ebef5a8 fix(opensuse): add specific location for ibrs_enabled file 2018-01-10 17:40:33 +01:00
Stéphane Lesimple
e0254025e8
Merge pull request #47 from speed47/readme
update readme
2018-01-10 17:12:54 +01:00
Stéphane Lesimple
bd010340e6 update readme 2018-01-10 17:12:33 +01:00
Stéphane Lesimple
a658de2f01 fix(kernel): fix detection for separate /boot partitions 2018-01-10 16:27:16 +01:00
Stéphane Lesimple
4aed5589fe
Merge pull request #44 from speed47/bootimage
feat(kernel): check the BOOT_IMAGE info from cmdline before trying th…
2018-01-10 16:13:00 +01:00
Stéphane Lesimple
8ed1f5e3af feat(kernel): check the BOOT_IMAGE info from cmdline before trying the default names 2018-01-10 15:46:29 +01:00
Stéphane Lesimple
ffc542eb82 bump to v0.23 to reflect changes 2018-01-10 15:25:55 +01:00
Stéphane Lesimple
74bc7ba637 add --variant to specify what check we want to run 2018-01-10 15:22:30 +01:00
Stéphane Lesimple
5389ac6844
Merge pull request #41 from bang-communications/master
NRPE mode
2018-01-10 15:11:45 +01:00
Stéphane Lesimple
36fb83215a
Merge pull request #42 from simon-vasseur/style
added some style (screenshot in readme)
2018-01-10 15:07:34 +01:00
Marcus Downing
59fe8c2ad8 Error on unknown batch format 2018-01-10 13:57:10 +00:00
Simon Vasseur
b8d28e7f61 added some style 2018-01-10 14:55:58 +01:00
Marcus Downing
7c11d07865 Stray tab 2018-01-10 11:59:33 +00:00
Marcus Downing
7c5cfbb8c3 batch nrpe 2018-01-10 11:57:45 +00:00
Marcus Downing
381038eceb NRPE mode 2018-01-10 11:18:45 +00:00
Stéphane Lesimple
d6e4aa43f0
Merge pull request #37 from deufrai/better-dmesg-support
Improve PTI detection
2018-01-09 19:52:45 +01:00
Stéphane Lesimple
e5e09384f0 typofix 2018-01-09 18:54:35 +01:00
Stéphane Lesimple
7222367f04 add disclaimer and bump to 0.21 2018-01-09 18:52:21 +01:00
Stéphane Lesimple
ab512687cf
Merge pull request #38 from Alkorin/fixARM
Fix ARM checks
2018-01-09 18:47:25 +01:00
Stéphane Lesimple
a5aaa790a0
Merge pull request #39 from Alkorin/typo
Fix small typo in error message
2018-01-09 18:45:58 +01:00
Alkorin
335439dee0 Fix small typo in error message 2018-01-09 18:44:15 +01:00
Alkorin
45297b6f7d Fix ARM checks 2018-01-09 18:41:48 +01:00
Frederic CORNU
a7b14306d5 Improve PTI detection even more
when PTI detection relies on dmesg, dmesg output is checked first
then /var/log/dmesg if dmesg output lacks boot time messages
2018-01-09 18:26:32 +01:00
Frederic CORNU
608952ff71 Improve PTI detection
In case of a busy or misconfigured server, kernel message buffer loop
can be filled with messages broadcasted later than boot time. So dmesg
command wont return boot time messages.

Grepping /var/log/dmesg fixes it and this log file location semms pretty
standard across many common distros
2018-01-09 18:17:39 +01:00
Stéphane Lesimple
1c3d349667
Merge pull request #31 from Feandil/batch
Add a "batch" and "verbose" mode
2018-01-09 18:12:39 +01:00
Stéphane Lesimple
b93b13263d fix(pti): remove escapes since we use grep -E now 2018-01-09 16:01:44 +01:00
Vincent Brillault
ad342cab06
Introduce "verbose" and "batch" modes
Rewrite the way the output is processed:
- Define verbosity level (currently warn, info (default) & verbose)
- Add a batch mode, for simple machine parsing
2018-01-09 15:58:13 +01:00
Vincent Brillault
5fd85e288b
No-color: interpret string (-e) to be able to mach \x1B 2018-01-09 15:57:10 +01:00
Stéphane Lesimple
322f4efc8f fix broken logic of 68961f9, increment version to 0.20 2018-01-09 14:55:12 +01:00
Vincent Brillault
b6bfcdbd45
Move configuration at the beginning of the script 2018-01-09 14:18:02 +01:00
Stéphane Lesimple
19b01078c2
Merge pull request #32 from speed47/arm
adding known non-vulnerable ARM chips
2018-01-09 13:57:27 +01:00
Stéphane Lesimple
68961f98c2 adding known non-vulnerable ARM chips 2018-01-09 13:11:48 +01:00
Stéphane Lesimple
f0f2ea9b11 v0.19: introduce --no-color 2018-01-09 10:32:51 +01:00
Stéphane Lesimple
6f1bdba1d9 bump to v0.18 to reflect changes 2018-01-09 09:21:42 +01:00
Stéphane Lesimple
7b05105a54
Merge pull request #25 from Feandil/proc_config
When using /proc/config.gz, indicate it more clearly
2018-01-09 09:19:36 +01:00
Stéphane Lesimple
8aed2d4086
Merge pull request #26 from Feandil/proc_kallsym
Use /proc/kallsyms to get symbols, if available
2018-01-09 09:17:18 +01:00