HardeningMeter: An Open-Source Tool for Security Hardening Assessment
Share
HardeningMeter is an open-source Python tool designed to evaluate the security hardening of binaries and systems.
It provides detailed insights into various binary exploitation protection mechanisms, helping developers and system administrators identify vulnerabilities and strengthen their security measures. This guide covers its features, installation, usage, and output interpretation.
Key Features
-
Binary Exploitation Protections: Assesses mechanisms like Stack Canary, RELRO, Address Space Layout Randomization (ASLR), Position Independent Code (PIC), Position Independent Executable (PIE), Non-Executable Stack, Fortify, AddressSanitizer (ASAN), and NX bit.
-
Comprehensive Scans: Supports scanning individual files, directories (recursively for ELF files), or the entire system.
-
Cross-Platform Compatibility: Works with all Linux distributions.
-
Flexible Output Options: Results can be displayed in a table format or exported as CSV/JSON files for integration with other tools.
-
Machine Readable: Outputs are tailored for both human readability and automated processing.
Installation Requirements
Before installing HardeningMeter, ensure your system meets the following prerequisites:
-
Linux OS: The tool is currently only supported on Linux systems.
-
Python 3: Ensure Python 3 is installed.
-
Dependencies:
-
readelf and file commands
-
pip package manager
-
tabulate library (install using pip install tabulate)
Installation Steps
Follow these steps to install HardeningMeter:
1.Clone the repository from GitHub:
git clone https://github.com/OfriOuzan/HardeningMeter
2.Navigate to the project directory:
cd HardeningMeter
3.Install the required Python dependencies:
pip install tabulate
No additional compilation or installation is required.
Usage Instructions
HardeningMeter provides various arguments to customize scans. Below are common usage scenarios:
Arguments
-
-f or --file: Specify one or more files to scan, separated by spaces.
-
-d or --directory: Scan all ELF files in a specified directory recursively.
-
-e or --external: Enable external checks (disabled by default).
-
-m or --show_missing: Display only files missing hardening mechanisms.
-
-s or --system: Scan system-wide hardening methods.
-
-c or --csv_format: Save results in CSV format.
-
-j or --json_format: Save results in JSON format for easier integration with other tools.
Examples
1.Scan a Single File:
python3 HardeningMeter.py -f /bin/cp
2.Scan a Directory:
python3 HardeningMeter.py -d /usr/bin
3.Scan the System and Export Results to CSV:
python3 HardeningMeter.py -s -c
4.Show Only Files Missing Security Mechanisms:
python3 HardeningMeter.py -m -d /usr/bin
Note: If your Linux system's default language is not English, prepend the command with LC_ALL=C to ensure compatibility.
Output Interpretation
HardeningMeter outputs results in a table format by default, with three possible states for each security mechanism:
-
(X): The mechanism is disabled.
-
(V): The mechanism is enabled.
-
(-): The mechanism is not relevant for the file.
For example:
|
File |
Stack Canary |
RELRO |
ASLR |
NX Bit |
... |
|
/bin/cp |
V |
V |
V |
X |
... |
|
/usr/bin/bash |
X |
V |
V |
V |
... |
This table helps identify binaries requiring additional attention.
Conclusion
HardeningMeter is an essential tool for developers and security professionals aiming to enhance the security posture of their binaries and systems. .
By providing detailed insights into hardening mechanisms and offering flexible output options, it simplifies vulnerability assessment and remediation efforts.
For further details, refer to the tool's documentation included in the repository. You can learn more and Download HardeningMeter in GitHub.
Upgrade Your Cybersecurity Skills EHA: Learn 150+ Practical Cyber Security Courses Online With Life Time Access - Enroll Here