The security/cvechecker port
cvechecker-4.0p0 – local CVE checker tool (cvsweb github mirror)
Description
The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.WWW: https://github.com/sjvermeu/cvechecker
Readme
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
Initial Configuration
=====================
The user running cvechecker(1) must be part of the _cvechecker group:
# usermod -G _cvechecker
Edit ${SYSCONFDIR}/cvechecker.conf to your particular setup.
Then the database initialization is done by running:
$ cvechecker -i
(this step is required for both MariaDB and SQLite).
At last, the CVE data needs to be put into the database:
$ pullcves pull
Note that the first time this command is run, it will take a long time.
Subsequent calls to pullcves(1) will only update the current year and
will be much faster. It is advised to run this command regularly to make
sure the local CVE database is up to date with upstream.
Getting started with cvechecker
===============================
cvechecker(1) will scan a list of files and check whether there is a
corresponding CVE according to its version. For example, to check
binaries from installed packages(7):
$ find ${LOCALBASE}/{bin,libexec,sbin} -type f -perm -o+x > scanlist.txt
$ cvechecker -b scanlist.txt
$ cvechecker -r
Maintainer
The OpenBSD ports mailing-list
Categories
Library dependencies
Build dependencies
Run dependencies
Files
- /etc/cvechecker.conf
- /usr/local/bin/cvechecker
- /usr/local/bin/cvegenversdat
- /usr/local/bin/cvereport
- /usr/local/bin/cverules
- /usr/local/bin/pullcves
- /usr/local/man/man1/cvechecker.1
- /usr/local/man/man1/cvegenversdat.1
- /usr/local/man/man1/cvereport.1
- /usr/local/man/man1/cverules.1
- /usr/local/man/man1/pullcves.1
- /usr/local/share/cvechecker/
- /usr/local/share/cvechecker/csv2xml.awk
- /usr/local/share/cvechecker/cvereport.xsl
- /usr/local/share/cvechecker/mysql_cvechecker.sql
- /usr/local/share/cvechecker/report.css
- /usr/local/share/doc/cvechecker/
- /usr/local/share/doc/cvechecker/acknowledgements.xml
- /usr/local/share/doc/cvechecker/userguide.xml
- /usr/local/share/doc/pkg-readmes/cvechecker
- /usr/local/share/examples/cvechecker/
- /usr/local/share/examples/cvechecker/cvechecker.conf
- /var/db/cvechecker/
- /var/db/cvechecker/cache/
- /var/db/cvechecker/local/
- @extraunexec rm /var/db/cvechecker/*.db 2>/dev/null || true
- @extraunexec rm /var/db/cvechecker/cache/* 2>/dev/null || true
- @extraunexec rm /var/db/cvechecker/local/* 2>/dev/null || true
- @newgroup _cvechecker:712