The goal of cvechecker is to report possible vulnerabilities on your system by scanning a list of installed software and matching the results against the CVE database. This is not a bullet-proof method and you will have many false positives (i.e., a vulnerability is fixed in a revision release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.
Clone the git repository
git clone https://github.com/sjvermeu/cvechecker.git
cd cvechecker
The following packages are needed:
apt-get install sqlite3 libconfig-dev libsqlite3-dev autoconf xsltproc libbsd-dev
Install CVEChecker
autoreconf --force --install
# select sqlite3 or mysql
./configure --enable-sqlite3 --enable-mysql
make
make install
make postinstall
Initialize the sqlite3 database
cvechecker -i
Update the CVE feed
pullcves pull
Installation guide for other operating systems:
https://github.com/sjvermeu/cvechecker/wiki/Installation
You can find configs at the following paths
/usr/local/var/cvechecker/
/usr/share/cvechecker
${HOME}/.cvechecker.rc
/usr/local/etc/cvechecker.conf
/etc/cvechecker.conf
https://rawgit.com/sjvermeu/cvechecker/master/docs/userguide.html
Gather installed software (exclude non-software paths like log files or Windows mounts…)
# the explicit -print keeps the pruned directory names themselves out of the list
find / -path /var/spool/icinga2/perfdata -prune -o -path /backup -prune -o -path /marktplatz -prune -o -path /mnt -prune -o -path /media -prune -o -type f -perm -o+x -print > scanlist.txt
echo "/proc/version" >> scanlist.txt
Import installed software into CVEChecker
cvechecker -b scanlist.txt
Match software with CVEs
cvechecker -r -C > CVEs.csv
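The three scan steps above wrapped in a reusable script, as an added example that is not part of the original guide or of the cvechecker project. The function names build_scanlist and scan_host are hypothetical; the directories to exclude are passed as arguments, and cvechecker is assumed to be installed and initialised as described above.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of cvechecker).

# build_scanlist ROOT [EXCLUDED_DIR...]
# Prints every world-executable regular file under ROOT, skipping each
# EXCLUDED_DIR and everything below it. The body runs in a subshell so the
# positional parameters can be rewritten without affecting the caller.
build_scanlist() (
    root=$1
    shift
    # Turn the exclusion list into: -path DIR1 -o -path DIR2 ...
    # (the "for" word list is expanded once, so resetting "$@" inside is safe)
    first=1
    for dir in "$@"; do
        if [ "$first" -eq 1 ]; then
            set --
            first=0
        else
            set -- "$@" -o
        fi
        # find treats DIR as a glob pattern matched against the whole path
        set -- "$@" -path "$dir"
    done
    if [ "$first" -eq 0 ]; then
        set -- \( "$@" \) -prune -o
    fi
    # The explicit -print matters: without it find applies an implicit -print
    # to the whole expression and also lists the pruned directories.
    find "$root" "$@" -type f -perm -o+x -print
)

# scan_host OUTDIR [EXCLUDED_DIR...]
# Gather, import and match in one pass, writing scanlist.txt and CVEs.csv
# to OUTDIR. Uses only the cvechecker options shown in this guide.
scan_host() {
    out=$1
    shift
    # find may report unreadable directories; the list is still usable
    build_scanlist / "$@" > "$out/scanlist.txt"
    # /proc/version is appended exactly as in the manual steps
    echo "/proc/version" >> "$out/scanlist.txt"
    cvechecker -b "$out/scanlist.txt" &&
        cvechecker -r -C > "$out/CVEs.csv"
}
```

For the exclusions used in this guide the call would be: scan_host . /var/spool/icinga2/perfdata /backup /marktplatz /mnt /media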