#arch-linux #security #data-security

bin+lib arch-audit

A utility like pkg-audit for Arch Linux based on Arch Security Team data

21 releases

0.2.0 Jul 23, 2024
0.1.20 Sep 2, 2021
0.1.19 Apr 3, 2021
0.1.17 Feb 17, 2021
0.1.5 Nov 8, 2016

#1038 in Command line utilities


Used in arch-audit-gtk

MIT and GPL-3.0 licenses

36KB
892 lines

arch-audit

crats.io Build Status

pkg-audit-like utility for Arch Linux.

Based on data from security.archlinux.org collected by the awesome Arch Security Team.

Installation

Latest release from official repositories

pacman -S arch-audit

Development version from AUR

The PKGBUILD is available on AUR.

After the installation just execute arch-audit.

Development version from sources

git clone https://gitlab.archlinux.org/archlinux/arch-audit.git
cd arch-audit
cargo build
cargo run

Completion

Completions are generated using the completions subcommand of arch-audit and are available for various shells like zsh, bash, fish and more:

arch-audit completions zsh > /usr/share/zsh/site-functions/_arch-audit
arch-audit completions bash > /usr/share/bash-completion/completions/arch-audit
arch-audit completions fish > /usr/share/fish/vendor_completions.d/arch-audit.fish

Example output

$ arch-audit
bzip2 is affected by CVE-2016-3189. Medium risk!
curl is affected by CVE-2016-9594, CVE-2016-9586. Update to 7.52.1-1!
gst-plugins-bad is affected by CVE-2016-9447, CVE-2016-9446, CVE-2016-9445. High risk!
jasper is affected by CVE-2016-8886. Medium risk!
libimobiledevice is affected by CVE-2016-5104. Low risk!
libtiff is affected by CVE-2015-7554. Critical risk!
libusbmuxd is affected by CVE-2016-5104. Low risk!
openjpeg2 is affected by CVE-2016-9118, CVE-2016-9117, CVE-2016-9116, CVE-2016-9115, CVE-2016-9114, CVE-2016-9113. High risk!
openssl is affected by CVE-2016-7055. Low risk!

$ arch-audit --upgradable --quiet
curl>=7.52.1-1

$ arch-audit -uf "%n|%c"
curl|CVE-2016-9594,CVE-2016-9586

Donate

Donations via Liberapay or Bitcoin (1Ph3hFEoQaD4PK6MhL3kBNNh9FZFBfisEH) are always welcomed, thank you!

False Positive

Please before reporting false positive check https://security.archlinux.org first. arch-audit parses that page and then if that page reports a false positive, arch-audit will do too. Get in touch with the Arch Linux Security team via IRC at #archlinux-security channel on Libera. Thanks!

License

MIT

Dependencies

~12–26MB
~416K SLoC