#archlinux #security

bin+lib arch-audit

A utility like pkg-audit for Arch Linux based on Arch Security Team data

19 releases

0.1.19 Apr 3, 2021
0.1.17 Feb 17, 2021
0.1.15 Mar 3, 2020
0.1.11 Nov 26, 2019
0.1.5 Nov 8, 2016

#443 in Command line utilities


105 downloads per month
Used in arch-audit-gtk

MIT and GPL-3.0 licenses

35KB
898 lines

arch-audit


pkg-audit-like utility for Arch Linux.

Based on data from security.archlinux.org collected by the awesome Arch Security Team.

Installation

Latest release from official repositories

pacman -S arch-audit

Development version from AUR

The PKGBUILD is available on AUR.

After the installation just execute arch-audit.

Development version from sources

git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run

Completion

Completions are generated using the completions subcommand of arch-audit and are available for various shells like zsh, bash, fish and more:

arch-audit completions zsh > /usr/share/zsh/site-functions/_arch-audit
arch-audit completions bash > /usr/share/bash-completion/completions/arch-audit
arch-audit completions fish > /usr/share/fish/vendor_completions.d/arch-audit.fish

Example output

$ arch-audit
bzip2 is affected by CVE-2016-3189. Medium risk!
curl is affected by CVE-2016-9594, CVE-2016-9586. Update to 7.52.1-1!
gst-plugins-bad is affected by CVE-2016-9447, CVE-2016-9446, CVE-2016-9445. High risk!
jasper is affected by CVE-2016-8886. Medium risk!
libimobiledevice is affected by CVE-2016-5104. Low risk!
libtiff is affected by CVE-2015-7554. Critical risk!
libusbmuxd is affected by CVE-2016-5104. Low risk!
openjpeg2 is affected by CVE-2016-9118, CVE-2016-9117, CVE-2016-9116, CVE-2016-9115, CVE-2016-9114, CVE-2016-9113. High risk!
openssl is affected by CVE-2016-7055. Low risk!

$ arch-audit --upgradable --quiet
curl>=7.52.1-1

$ arch-audit -uf "%n|%c"
curl|CVE-2016-9594,CVE-2016-9586
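
A gate over the default output shown above, suitable for a cron job or CI step. This is an added example, not code from the arch-audit project. `audit_gate` and `sample_output` are hypothetical names, and the parser assumes the output keeps the two line shapes seen in this page's example.

```shell
#!/bin/sh
# Added example, not part of arch-audit. Assumes the default output format
# shown under "Example output":
#   "<pkg> is affected by <CVEs>. <Level> risk!"
#   "<pkg> is affected by <CVEs>. Update to <version>!"

# Constructed sample input: lines copied from the page's example output.
sample_output() {
    cat <<'EOF'
bzip2 is affected by CVE-2016-3189. Medium risk!
curl is affected by CVE-2016-9594, CVE-2016-9586. Update to 7.52.1-1!
gst-plugins-bad is affected by CVE-2016-9447, CVE-2016-9446, CVE-2016-9445. High risk!
libtiff is affected by CVE-2015-7554. Critical risk!
openssl is affected by CVE-2016-7055. Low risk!
EOF
}

# audit_gate LEVEL  (reads arch-audit output on stdin; hypothetical helper)
# Prints "pkg|reason|cve-count" for packages with a fix available or with
# risk >= LEVEL. Returns 1 if any line was printed, 2 on a bad LEVEL.
audit_gate() {
    case "$1" in
        Low) min=1 ;; Medium) min=2 ;; High) min=3 ;; Critical) min=4 ;;
        *) echo "unknown level: $1" >&2; return 2 ;;
    esac
    awk -v min="$min" '
        BEGIN { rank["Low"]=1; rank["Medium"]=2; rank["High"]=3; rank["Critical"]=4 }
        / is affected by / {
            pkg = $1
            rest = $0; sub(/^.* is affected by /, "", rest)
            cves = rest; sub(/\. .*$/, "", cves)      # CVE list ends at first ". "
            n = split(cves, parts, /, */)
            tail = rest; sub(/^[^.]*\. /, "", tail)   # "Update to X!" or "<Level> risk!"
            if (tail ~ /^Update to /) {
                sub(/^Update to /, "", tail); sub(/!$/, "", tail)
                print pkg "|fix:" tail "|" n; hit = 1
            } else if (tail ~ / risk!$/) {
                split(tail, w, " ")
                if (rank[w[1]] + 0 >= min + 0) { print pkg "|" w[1] "|" n; hit = 1 }
            }
        }
        END { exit (hit ? 1 : 0) }
    '
}

# Demo: list what needs attention at High or above.
sample_output | audit_gate High || echo "gate tripped (status $?)"
```

On a real system, pipe the tool's output in: `arch-audit | audit_gate High`. Lines with a fix available are always reported, because the example output gives no risk level for them.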

Donate

Donations via Liberapay or Bitcoin (1Ph3hFEoQaD4PK6MhL3kBNNh9FZFBfisEH) are always welcome, thank you!

False Positive

Before reporting a false positive, please check https://security.archlinux.org first. arch-audit parses that page, so if that page reports a false positive, arch-audit will too. In that case, get in touch with the Arch Linux Security Team via IRC at freenode#archlinux-security. Thanks!

License

MIT


Dependencies

~8–15MB
~338K SLoC