====== CVEChecker ======
>The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.
[[https://github.com/sjvermeu/cvechecker|https://github.com/sjvermeu/cvechecker]]
===== Installation =====
Clone the git repository
git clone git://github.com/sjvermeu/cvechecker.git
cd cvechecker
The following packages are needed:
apt-get install sqlite3 libconfig-dev libsqlite3-dev autoconf xsltproc libbsd-dev
Install CVEChecker
autoreconf --force --install
#select sqlite3 or mysql
./configure --enable-sqlite3 --enable-mysql
make
make install
make postinstall
Initialize the sqlite3 database
cvechecker -i
Update the CVE feed
pullcves pull
Installguide for other OS:\\
[[https://github.com/sjvermeu/cvechecker/wiki/Installation|https://github.com/sjvermeu/cvechecker/wiki/Installation]]
===== Configuration =====
You can find configs at the following path
/usr/local/var/cvechecker/
/usr/share/cvechecker
${HOME}/.cvechecker.rc
/usr/local/etc/cvechecker.conf
/etc/cvechecker.conf
===== Usage =====
FIXME
[[https://rawgit.com/sjvermeu/cvechecker/master/docs/userguide.html|https://rawgit.com/sjvermeu/cvechecker/master/docs/userguide.html]]
Gather installed software (exclude non software paths like logfiles or windows mounts...)
find / -path /var/spool/icinga2/perfdata -prune -o -path /backup -prune -o -path /marktplatz -prune -o -path /mnt -prune -o -path /media -prune -o -type f -perm -o+x > scanlist.txt
echo "/proc/version" >> scanlist.txt
Import installed software into CVEChecker
cvechecker -b scanlist.txt
Match software with CVEs
cvechecker -r -C > CVEs.csv