checksecurity - basic system security checks

Property Value
Distribution Ubuntu 16.04 LTS (Xenial Xerus)
Repository Ubuntu Main amd64
Package filename checksecurity_2.0.16+nmu1ubuntu1_all.deb
Package name checksecurity
Package version 2.0.16+nmu1ubuntu1
Package release -
Package architecture all
Package type deb
Category admin
Homepage -
License -
Maintainer Ubuntu Developers <>
Download size 21.71 KB
Installed size 83.00 KB
Checksecurity can periodically do some very basic system security checks:
* check-setuid  - scans for insecurely mounted remote file systems,
and tracks changes in setuid programs;
* check-sockets - tracks changes in open ports to detect rogue programs;
* check-passwd  - scans for empty or duplicate system accounts;
* check-disfree - scans for mounted filesystems nearing capacity;
* check-iptables-logs -  scans logs generated by iptables and look
for intrusion attempts.
Be aware that these minimal set of checks are no substitute for a full
security auditing and integrity checking system.
In addition to these checks you are encourage to install additional packages
(listed in "Recommends") to provide more information concerning the security
or vulnerability of your system.
Installing the suggested package lockfile-progs can help to prevent
the cron jobs running multiple times if something gets jammed.


Package Version Architecture Repository
checksecurity_2.0.16+nmu1ubuntu1_all.deb 2.0.16+nmu1ubuntu1 all Ubuntu Main
checksecurity - - -


Name Value
anacron -
cron >= 3.0pl1-74
debconf >= 0.5
debconf-2.0 -
perl >= 5.8.0
util-linux >= 2.15~rc1-1


Name Value
lockfile-progs << 0.1.7


Name Value
cron -


Type URL
Binary Package checksecurity_2.0.16+nmu1ubuntu1_all.deb
Source Package checksecurity

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install checksecurity deb package:
    # sudo apt-get install checksecurity




2016-03-09 - Nishanth Aravamudan <>
checksecurity (2.0.16+nmu1ubuntu1) xenial; urgency=medium
* Merge from Debian unstable (LP: #1555357). Remaining changes:
- Downgrade all Recommends to Suggests.
* Do not downgrade logcheck to Suggests, it is in main.
* Remove fcron from Depends, it is not in the archive.
2015-12-29 - Andreas Metzler <>
checksecurity (2.0.16+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Use "find -perm /x" instead of "find -perm +x". Closes: #731944
2015-02-21 - Javier Fernández-Sanguino Peña <>
checksecurity (2.0.16) unstable; urgency=medium
* plugins/check-setuid: Prevent error from find by putting
-ignore_readdir_race as first option (Closes: 714152)
* plugins/check-iptables-logs, man/check-iptables-logs.8: Add new plugin to
check for iptables logs and provide information of attacked ports,
blacklisted hosts (using fail2ban), etc.
* etc/global-checksecurity.conf: Add information for the new plugin, this is 
disabled by default (as systems might not have iptables configured and,
even if enabled, there might not be a log target)
* man/{check-diskfree.8,check-passwd.8,check-setuid.8}: Clarify that these
plugins are written to be run by checksecurity. Some of the plugins might 
not work if missing some environment variables (which are defined by
* man/checksecurity.8: Add a reference to the new plugin check-iptables-logs
* debian/control: Improve the package description with the recommendations
made by Justin B Rye (Closes: #688070) 
* debian/control: Add debsecan to the Recommends, this provides notification
of vulnerabilities in the system and security updates (Closes: #253097)
* etc/check-setuid.conf: Exclude more filesystems for the setuid checks as
are system based filesystems
* debian/po/tr.po: Add Turkish translation provided by Mert Dirik 
(Closes: #759874)
2014-06-04 - Michael Vogt <>
checksecurity (2.0.15ubuntu1) utopic; urgency=low
* Merge from Debian unstable.  Remaining changes:
- Downgrade all Recommends to Suggests.
- Downgrade fcron from Depends to Suggest, it is in universe
and we are already depending on anacron
2013-09-28 - Javier Fernández-Sanguino Peña <>
checksecurity (2.0.15) unstable; urgency=medium
* Fix bug in the CS_NFSAFS definition in etc/check-setuid.conf that prevents
the script from matching any filesystem. This bug was, actually, making the
script not do anything in the default configuration. (Closes: 724687)
Thanks go to Alessandro Vesely for spotting this bug and providing a fix.
* debian/control: Adjust the maintainer's name
2010-10-29 - Angel Abad <>
checksecurity (2.0.14ubuntu1) natty; urgency=low
* Merge from debian unstable (LP: #668500). Remaining changes:
- Downgrade all Recommends to Suggests.
- Downgrade fcron from Depends to Suggest, it is in universe
and we are already depending on anacron
2010-10-27 - Javier Fernandez-Sanguino Pen~a <>
checksecurity (2.0.14) unstable; urgency=low
* plugins/check-setuid:
- Integrate changes to from Ubuntu to make use of ionice when calling
find. (Closes: #578640)
- Use the -ignore_readdir_race option when calling find to avoid
error messages when encountering stale files (Closes: #583809)
* etc/global-checksecurity.conf: Adjust comments associated to  
CHECKSECURITY_EMAIL to point to bsd-mailx instead of mailx and 
remove reference to cron. (Closes: #541636)
* debian/control: Depend on util-linux (>= 2.15~rc1-1) which provides
* debian/compat: Change from 4 to 5
* debian/rules: Adjust calls to dh_clean

See Also

Package Description
cheese-common_3.18.1-2ubuntu3_all.deb Common files for the Cheese tool to take pictures and videos
cheese_3.18.1-2ubuntu3_amd64.deb tool to take pictures and videos from your webcam
cifs-utils_6.4-1ubuntu1_amd64.deb Common Internet File System utilities
cinder-api_8.0.0-0ubuntu1_all.deb Cinder storage service - API server
cinder-backup_8.0.0-0ubuntu1_all.deb Cinder storage service - Scheduler server
cinder-common_8.0.0-0ubuntu1_all.deb Cinder storage service - common files
cinder-scheduler_8.0.0-0ubuntu1_all.deb Cinder storage service - Scheduler server
cinder-volume_8.0.0-0ubuntu1_all.deb Cinder storage service - Volume server
clamav-base_0.99+dfsg-1ubuntu1_all.deb anti-virus utility for Unix - base package
clamav-daemon_0.99+dfsg-1ubuntu1_amd64.deb anti-virus utility for Unix - scanner daemon
clamav-docs_0.99+dfsg-1ubuntu1_all.deb anti-virus utility for Unix - documentation
clamav-freshclam_0.99+dfsg-1ubuntu1_amd64.deb anti-virus utility for Unix - virus database update utility
clamav_0.99+dfsg-1ubuntu1_amd64.deb anti-virus utility for Unix - command-line interface
clamdscan_0.99+dfsg-1ubuntu1_amd64.deb anti-virus utility for Unix - scanner client
cli-common-dev_0.9+nmu1_all.deb common files for building CLI packages