/pacheck

🔍 Checks installed Arch packages for known vulnerabilities

Primary LanguageGoGNU General Public License v3.0GPL-3.0

Pacheck

pacheck logo License: GPL v3 Codacy Badge

Description

The name of this tool is a combination of the words pacman and check :-)

This tool checks installed Arch packages for known vulnerabilities. The data is collected from the amazing Arch security dashboard and matched against all currently installed packages.

My goal is to provide an alternative to the existing tool arch-audit

Requirements

  • Arch Linux (pacman)
  • Go v1.14 (build only)

How-To

Install

git clone https://github.com/FritzJo/pacheck.git
cd pacheck
sudo make install

Build

git clone https://github.com/FritzJo/pacheck.git
cd pacheck
make build
./bin/pacheck

Commandline options

Parameter Description
-q quiet: Only prints the name and version of vulnerable packages
-c cache: Use the last cached json (required if you want to use this tool offline)
-u update: Fetch the latest json without scanning any packages

Example output

> pacheck
High: inetutils 1.9.4-7 CVE-2019-0053
Low: libmp4v2 2.0.0-5 CVE-2018-14054
Medium: libtiff 4.0.10-1 CVE-2019-7663 CVE-2019-6128
Low: openjpeg2 2.3.1-1 CVE-2019-6988
High: pacman 5.1.3-1 CVE-2019-18183 CVE-2019-18182
Low: unzip 6.0-13 CVE-2018-1000035

Roadmap

  • Code improvements
    • Improve performance
    • Add more comments
  • Implement most features of arch-audit