bfe5a3b840
add some debug
2018-01-12 10:53:19 +01:00
6a0242eea3
bump to v0.27
2018-01-11 15:36:41 +01:00
bc4e39038a
fix(opcodes): fix regression introduced in previous commit
...
We were saying unknown instead of vulnerable when the count of lfence opcodes was low
This was not impacting batch mode or the final decision, just the human-readable output of the script.
2018-01-11 15:35:57 +01:00
62f8ed6f61
adding support for new /sys interface ( #55 )
...
* adding support for new /sys interface
* fix(objdump): prefer -d instead of -D, some kernels crash objdump otherwise
2018-01-11 12:23:16 +01:00
56b67f8082
Typo in README ( #54 )
2018-01-11 12:01:31 +01:00
52a8f78885
send warning to stderr. ( #53 )
...
With --batch json there must not be any other output on stdout, so redirect warnings to stderr will show the warning on the console and only the json output is on stdout.
2018-01-11 09:55:43 +01:00
a09a5ba38f
bump to v0.25 to reflect changes
2018-01-11 09:08:29 +01:00
5a7d8d7edf
Produce JSON output formatted for Puppet, Ansible, Chef... ( #50 )
...
Produce JSON output formatted for Puppet, Ansible, Chef...
2018-01-11 09:04:13 +01:00
49fdc6c449
Merge pull request #51 from cowanml/file_read_check_fixup
...
fixed file read test
2018-01-10 21:39:09 +01:00
af3de2a862
fixed file read test
2018-01-10 15:17:14 -05:00
c6e1b0ac8a
feat(kernel): add support for LZ4 decompression
2018-01-10 20:10:57 +01:00
b913dacc1b
Merge pull request #48 from speed47/opensuse
...
fix(opensuse): add specific location for ibrs_enabled file
2018-01-10 18:41:30 +01:00
eb0ebef5a8
fix(opensuse): add specific location for ibrs_enabled file
2018-01-10 17:40:33 +01:00
e0254025e8
Merge pull request #47 from speed47/readme
...
update readme
2018-01-10 17:12:54 +01:00
bd010340e6
update readme
2018-01-10 17:12:33 +01:00
a658de2f01
fix(kernel): fix detection for separate /boot partitions
2018-01-10 16:27:16 +01:00
4aed5589fe
Merge pull request #44 from speed47/bootimage
...
feat(kernel): check the BOOT_IMAGE info from cmdline before trying th…
2018-01-10 16:13:00 +01:00
8ed1f5e3af
feat(kernel): check the BOOT_IMAGE info from cmdline before trying the default names
2018-01-10 15:46:29 +01:00
ffc542eb82
bump to v0.23 to reflect changes
2018-01-10 15:25:55 +01:00
74bc7ba637
add --variant to specify what check we want to run
2018-01-10 15:22:30 +01:00
5389ac6844
Merge pull request #41 from bang-communications/master
...
NRPE mode
2018-01-10 15:11:45 +01:00
36fb83215a
Merge pull request #42 from simon-vasseur/style
...
added some style (screenshot in readme)
2018-01-10 15:07:34 +01:00
59fe8c2ad8
Error on unknown batch format
2018-01-10 13:57:10 +00:00
b8d28e7f61
added some style
2018-01-10 14:55:58 +01:00
7c11d07865
Stray tab
2018-01-10 11:59:33 +00:00
7c5cfbb8c3
batch nrpe
2018-01-10 11:57:45 +00:00
381038eceb
NRPE mode
2018-01-10 11:18:45 +00:00
d6e4aa43f0
Merge pull request #37 from deufrai/better-dmesg-support
...
Improve PTI detection
2018-01-09 19:52:45 +01:00
e5e09384f0
typofix
2018-01-09 18:54:35 +01:00
7222367f04
add disclaimer and bump to 0.21
2018-01-09 18:52:21 +01:00
ab512687cf
Merge pull request #38 from Alkorin/fixARM
...
Fix ARM checks
2018-01-09 18:47:25 +01:00
a5aaa790a0
Merge pull request #39 from Alkorin/typo
...
Fix small typo in error message
2018-01-09 18:45:58 +01:00
335439dee0
Fix small typo in error message
2018-01-09 18:44:15 +01:00
45297b6f7d
Fix ARM checks
2018-01-09 18:41:48 +01:00
a7b14306d5
Improve PTI detection even more
...
when PTI detection relies on dmesg, dmesg output is checked first
then /var/log/dmesg if dmesg output lacks boot time messages
2018-01-09 18:26:32 +01:00
608952ff71
Improve PTI detection
...
In case of a busy or misconfigured server, kernel message buffer loop
can be filled with messages broadcasted later than boot time. So dmesg
command wont return boot time messages.
Grepping /var/log/dmesg fixes it and this log file location semms pretty
standard across many common distros
2018-01-09 18:17:39 +01:00
1c3d349667
Merge pull request #31 from Feandil/batch
...
Add a "batch" and "verbose" mode
2018-01-09 18:12:39 +01:00
b93b13263d
fix(pti): remove escapes since we use grep -E now
2018-01-09 16:01:44 +01:00
ad342cab06
Introduce "verbose" and "batch" modes
...
Rewrite the way the output is processed:
- Define verbosity level (currently warn, info (default) & verbose)
- Add a batch mode, for simple machine parsing
2018-01-09 15:58:13 +01:00
5fd85e288b
No-color: interpret string (-e) to be able to mach \x1B
2018-01-09 15:57:10 +01:00
322f4efc8f
fix broken logic of 68961f9, increment version to 0.20
2018-01-09 14:55:12 +01:00
b6bfcdbd45
Move configuration at the beginning of the script
2018-01-09 14:18:02 +01:00
19b01078c2
Merge pull request #32 from speed47/arm
...
adding known non-vulnerable ARM chips
2018-01-09 13:57:27 +01:00
68961f98c2
adding known non-vulnerable ARM chips
2018-01-09 13:11:48 +01:00
f0f2ea9b11
v0.19: introduce --no-color
2018-01-09 10:32:51 +01:00
6f1bdba1d9
bump to v0.18 to reflect changes
2018-01-09 09:21:42 +01:00
7b05105a54
Merge pull request #25 from Feandil/proc_config
...
When using /proc/config.gz, indicate it more clearly
2018-01-09 09:19:36 +01:00
8aed2d4086
Merge pull request #26 from Feandil/proc_kallsym
...
Use /proc/kallsyms to get symbols, if available
2018-01-09 09:17:18 +01:00
f4140a992a
Use /proc/kallsyms to get symbols, if available
2018-01-09 08:58:09 +01:00
2c51b00a90
When using /proc/config.gz, indicate it more clearly
2018-01-09 08:54:07 +01:00
