Show vulnerable packages on Arch Linux with arch-audit

Vulnerable Software Packages on Arch Linux

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman.

One problem that remained was the inability to quickly test if you have any vulnerable packages. After all running pacman -Suy daily works, but that doesn’t say much if known issues were found. Till now, with the new arch-audit tool.

Performing a vulnerability check

The arch-audit tool can be build with the instructions on the website.

With the tool being under development, parsing has to be done on the raw text output. With some creative text filtering we can get an output like this:

Show vulnerable software packages on Arch Linux with pkg-audit

Using arch-audit and some filtering, we can obtain a complete list (with CVE numbers)

Our security scanner Lynis has support for arch-audit as well. So if you rather don’t parse the output and want to perform a security scan daily, then Lynis will do the work for you.

Resources

Automate security audits and know your risks
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux and Unix-based systems more secure.

Is system hardening taking a lot of time for you? Don't know where to start? We solved that problem: Lynis Enterprise.


2 comments

  • SergiySergiy

    Has program analogs for ubuntu/centos?

    Reply
    • One way is to use Lynis to detect that for Ubuntu. CentOS doesn’t have security details for software packages, except looking at all updates and see if there is something like “security” or “vulnerability” in the change description.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *