add kernel version information to the output

Merge pull request #5 from fccagou/centos
fix(centos): check according to redhat patch.
2025-07-15 15:21:23 +02:00 · 2018-01-08 12:14:12 +01:00 · 2018-01-08 12:10:07 +01:00 · 2018-01-08 11:14:22 +01:00
1 changed files with 12 additions and 6 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -1,7 +1,7 @@
 #! /bin/sh
 # Spectre & Meltdown checker
 # Stephane Lesimple
-VERSION=0.11
+VERSION=0.12

 # print status function
 pstatus()
@ -84,12 +84,15 @@ extract_vmlinux()
 # root check

 if [ "$(id -u)" -ne 0 ]; then
-	/bin/echo -e "\033[31mNote that you should launch this script with root privileges to get accurate information."
-	/bin/echo -e "\033[31mWe'll proceed but you might see permission denied errors."
-	/bin/echo -e "\033[31mTo run it as root, you can try the following command: sudo $0"
+	/bin/echo -e "\033[31mNote that you should launch this script with root privileges to get accurate information.\033[0m"
+	/bin/echo -e "\033[31mWe'll proceed but you might see permission denied errors.\033[0m"
+	/bin/echo -e "\033[31mTo run it as root, you can try the following command: sudo $0\033[0m"
 	/bin/echo
 fi

+/bin/echo -e "Checking vulnerabilities against \033[35m"$(uname -s) $(uname -r) $(uname -m)"\033[0m"
+/bin/echo
+
 ###########
 # SPECTRE 1
 /bin/echo -e "\033[1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'\033[0m"
@ -165,7 +168,7 @@ if [ -e /sys/kernel/debug/sched_features ]; then
 	# try to mount the debugfs hierarchy ourselves and remember it to umount afterwards
 	mount -t debugfs debugfs /sys/kernel/debug 2>/dev/null && mounted_debugfs=1
 fi
-if [ -e /sys/kernel/debug/ibrs_enabled ]; then
+if [ -e /sys/kernel/debug/ibrs_enabled -o -e /sys/kernel/debug/x86/ibrs_enabled ]; then
 	# if the file is there, we have IBRS compiled-in
 	pstatus green YES
 	ibrs_supported=1
@ -173,7 +176,7 @@ else
 	pstatus red NO
 fi

-ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null)
+[ -f /sys/kernel/debug/ibrs_enabled ] && ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null) || ibrs_enabled=$(cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null)
 /bin/echo -n "*   IBRS enabled for Kernel space: "
 # 0 means disabled
 # 1 is enabled only for kernel space
@ -288,6 +291,9 @@ elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page ta
 	# if we can't find the flag, grep in dmesg
 	pstatus green YES
 	kpti_enabled=1
+elif [ -e /sys/kernel/debug/x86/pti_enabled -a "$(cat /sys/kernel/debug/x86/pti_enabled)" = 1 ]; then
+	pstatus green YES
+	kpti_enabled=1
 else
 	pstatus red NO
 fi
Author	SHA1	Message	Date
Stéphane Lesimple	c792fa35bf	add kernel version information to the output	2018-01-08 12:14:12 +01:00
Stéphane Lesimple	d1498fe03f	Merge pull request #5 from fccagou/centos fix(centos): check according to redhat patch.	2018-01-08 12:10:07 +01:00
fccagou	0f50e04dab	fix(centos): check according to redhat patch. https://access.redhat.com/articles/3311301	2018-01-08 11:14:22 +01:00