From Gentoo Wiki
Jump to:navigation Jump to:search

cvechecker is a small utility that provides reports on potentially vulnerable software.

cvechecker is for Gentoo systems and written and is maintained by former Gentoo developer Sven Vermeulen (SwifT) .


Manual installation

Installation is possible via swift's overlay. Use eselect repository (or equivalent) to add the unregistered repository:

root #eselect repository add sjvermeu git

Perform the initial sync:

root #emaint sync -r sjvermeu

Emerge the package:

root #emerge --ask app-admin/cvechecker


User account

Upstream instructions suggest creating a service account to run cvechecker.[1]


Quick start instructions can be found upstream.

Database initialization

The initial pull of the database using the below command will take some time and is synced into the /var/lib/cvechecker/cache/ directory:

root #pullcves pull
As of April 14th, 2021, the cache/ (902.6 MiB) and local/ (142.7 MiB) directories are just over 1 GiB.


user $cvechecker --help
Usage: cvechecker [OPTION...]
cvechecker -- Verify the state of the system against a CVE database

  -b, --binlist=binlist      List of binary files on the system
  -c, --cvedata=cvefile      CSV file with CVE information (cfr. nvd2simple)
  -C, --csvoutput            Use (parseable) CSV output
  -d, --deltaonly            Given binaries or lists should be added only (not
                             a full replacement)
  -D, --deletedeltaonly      Given binaries or lists should be removed (not a
                             full replacement)
  -f, --fileinfo=binfile     File to obtain detected CPE of
  -H, --reporthigher         Report also when CVEs have been detected for
                             higher versions
  -i, --initdbs              Initialize all databases
  -l, --loaddata=datafile    Load version gathering data file
  -r, --runcheck             Execute the checks (match installed software with
  -s, --showinstalled        Output detected software/versions
  -S, --showinstalledfiles   Output detected software/versions with file
  -w, --watchlist=watchlist  List of CPEs to watch for (assume these are
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to <>.



root #emerge --ask --depclean --verbose app-admin/cvechecker

See also

External resources