Commit Graph

116 Commits

Author SHA1 Message Date
bfe5a3b840 add some debug 2018-01-12 10:53:19 +01:00
6a0242eea3 bump to v0.27 v0.27 2018-01-11 15:36:41 +01:00
bc4e39038a fix(opcodes): fix regression introduced in previous commit
We were saying unknown instead of vulnerable when the count of lfence opcodes was low
This was not impacting batch mode or the final decision, just the human-readable output of the script.
2018-01-11 15:35:57 +01:00
62f8ed6f61 adding support for new /sys interface (#55)
* adding support for new /sys interface
* fix(objdump): prefer -d instead of -D, some kernels crash objdump otherwise
v0.26
2018-01-11 12:23:16 +01:00
56b67f8082 Typo in README (#54) 2018-01-11 12:01:31 +01:00
52a8f78885 send warning to stderr. (#53)
With --batch json there must not be any other output on stdout, so redirect warnings to stderr will show the warning on the console and only the json output is on stdout.
2018-01-11 09:55:43 +01:00
a09a5ba38f bump to v0.25 to reflect changes v0.25 2018-01-11 09:08:29 +01:00
5a7d8d7edf Produce JSON output formatted for Puppet, Ansible, Chef... (#50)
Produce JSON output formatted for Puppet, Ansible, Chef...
2018-01-11 09:04:13 +01:00
49fdc6c449 Merge pull request #51 from cowanml/file_read_check_fixup
fixed file read test
2018-01-10 21:39:09 +01:00
af3de2a862 fixed file read test 2018-01-10 15:17:14 -05:00
c6e1b0ac8a feat(kernel): add support for LZ4 decompression v0.24 2018-01-10 20:10:57 +01:00
b913dacc1b Merge pull request #48 from speed47/opensuse
fix(opensuse): add specific location for ibrs_enabled file
2018-01-10 18:41:30 +01:00
eb0ebef5a8 fix(opensuse): add specific location for ibrs_enabled file 2018-01-10 17:40:33 +01:00
e0254025e8 Merge pull request #47 from speed47/readme
update readme
2018-01-10 17:12:54 +01:00
bd010340e6 update readme 2018-01-10 17:12:33 +01:00
a658de2f01 fix(kernel): fix detection for separate /boot partitions 2018-01-10 16:27:16 +01:00
4aed5589fe Merge pull request #44 from speed47/bootimage
feat(kernel): check the BOOT_IMAGE info from cmdline before trying th…
2018-01-10 16:13:00 +01:00
8ed1f5e3af feat(kernel): check the BOOT_IMAGE info from cmdline before trying the default names 2018-01-10 15:46:29 +01:00
ffc542eb82 bump to v0.23 to reflect changes v0.23 2018-01-10 15:25:55 +01:00
74bc7ba637 add --variant to specify what check we want to run v0.22 2018-01-10 15:22:30 +01:00
5389ac6844 Merge pull request #41 from bang-communications/master
NRPE mode
2018-01-10 15:11:45 +01:00
36fb83215a Merge pull request #42 from simon-vasseur/style
added some style (screenshot in readme)
2018-01-10 15:07:34 +01:00
59fe8c2ad8 Error on unknown batch format 2018-01-10 13:57:10 +00:00
b8d28e7f61 added some style 2018-01-10 14:55:58 +01:00
7c11d07865 Stray tab 2018-01-10 11:59:33 +00:00
7c5cfbb8c3 batch nrpe 2018-01-10 11:57:45 +00:00
381038eceb NRPE mode 2018-01-10 11:18:45 +00:00
d6e4aa43f0 Merge pull request #37 from deufrai/better-dmesg-support
Improve PTI detection
2018-01-09 19:52:45 +01:00
e5e09384f0 typofix 2018-01-09 18:54:35 +01:00
7222367f04 add disclaimer and bump to 0.21 v0.21 2018-01-09 18:52:21 +01:00
ab512687cf Merge pull request #38 from Alkorin/fixARM
Fix ARM checks
2018-01-09 18:47:25 +01:00
a5aaa790a0 Merge pull request #39 from Alkorin/typo
Fix small typo in error message
2018-01-09 18:45:58 +01:00
335439dee0 Fix small typo in error message 2018-01-09 18:44:15 +01:00
45297b6f7d Fix ARM checks 2018-01-09 18:41:48 +01:00
a7b14306d5 Improve PTI detection even more
when PTI detection relies on dmesg, dmesg output is checked first
then /var/log/dmesg if dmesg output lacks boot time messages
2018-01-09 18:26:32 +01:00
608952ff71 Improve PTI detection
In case of a busy or misconfigured server, kernel message buffer loop
can be filled with messages broadcasted later than boot time. So dmesg
command wont return boot time messages.

Grepping /var/log/dmesg fixes it and this log file location semms pretty
standard across many common distros
2018-01-09 18:17:39 +01:00
1c3d349667 Merge pull request #31 from Feandil/batch
Add a "batch" and "verbose" mode
2018-01-09 18:12:39 +01:00
b93b13263d fix(pti): remove escapes since we use grep -E now 2018-01-09 16:01:44 +01:00
ad342cab06 Introduce "verbose" and "batch" modes
Rewrite the way the output is processed:
- Define verbosity level (currently warn, info (default) & verbose)
- Add a batch mode, for simple machine parsing
2018-01-09 15:58:13 +01:00
5fd85e288b No-color: interpret string (-e) to be able to mach \x1B 2018-01-09 15:57:10 +01:00
322f4efc8f fix broken logic of 68961f9, increment version to 0.20 v0.20 2018-01-09 14:55:12 +01:00
b6bfcdbd45 Move configuration at the beginning of the script 2018-01-09 14:18:02 +01:00
19b01078c2 Merge pull request #32 from speed47/arm
adding known non-vulnerable ARM chips
2018-01-09 13:57:27 +01:00
68961f98c2 adding known non-vulnerable ARM chips 2018-01-09 13:11:48 +01:00
f0f2ea9b11 v0.19: introduce --no-color v0.19 2018-01-09 10:32:51 +01:00
6f1bdba1d9 bump to v0.18 to reflect changes v0.18 2018-01-09 09:21:42 +01:00
7b05105a54 Merge pull request #25 from Feandil/proc_config
When using /proc/config.gz, indicate it more clearly
2018-01-09 09:19:36 +01:00
8aed2d4086 Merge pull request #26 from Feandil/proc_kallsym
Use /proc/kallsyms to get symbols, if available
2018-01-09 09:17:18 +01:00
f4140a992a Use /proc/kallsyms to get symbols, if available 2018-01-09 08:58:09 +01:00
2c51b00a90 When using /proc/config.gz, indicate it more clearly 2018-01-09 08:54:07 +01:00