PACAUDIT HAS A BUG THAT WILL NOT BE FIXED. PLEASE USE ARCH-AUDIT.
pacaudit audits installed packages on Arch Linux against known vulnerabilities listed on https://security.archlinux.org
It ships with a preInstall hook for pacman that warns you if you try to install a vulnerable package.
You can also check your local installation against offline vulnerability data. This is useful for systems without web access. Check the man page for more information.
trizen -S pacaudit
or
yay pacaudit
or
any other AUR helper
-
pacaudit
prints all vulnerable packages by name and the sum of all vulnerable packages
-
pacaudit -v
prints all vulnerable packages by name, with CVE, severity and the sum of all vulnerable packages
-
pacaudit -n
returns "OK" if no vulnerable packages are installed, "WARNING" if vulnerable packages are installed but none has severity HIGH or higher, and "CRITICAL" otherwise
-
pacaudit -c
prints colorized results. Used together with the verbose (-v) flag
-
pacaudit -p PKGNAME
checks whether PKGNAME is listed as vulnerable. Useful for alpm-hooks
-
pacaudit -i /PATH/TO/JSON/FILE
pacaudit uses the provided JSON file instead of the online list of vulnerable packages. Useful for hosts without web access.
-
pacaudit -d
downloads the JSON file for offline comparison
-
pacaudit -h
print usage and info
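The offline check and the OK/WARNING/CRITICAL mapping described for -n can be sketched as follows. This is an added example, not pacaudit's own code: the function names, the sample entries and the simplified version ordering are assumptions, and the field names (packages, status, severity, fixed) are assumed to match the tracker's JSON export.

```python
import json
import re

# Severity labels assumed from the tracker's JSON, lowest to highest.
SEVERITY_RANK = {"Unknown": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample entries (not real tracker data).
SAMPLE_AVGS = json.loads("""[
 {"name": "AVG-0001", "packages": ["examplelib"], "status": "Vulnerable",
  "severity": "Medium", "fixed": null, "issues": ["CVE-0000-0001"]},
 {"name": "AVG-0002", "packages": ["exampled", "exampled-docs"],
  "status": "Fixed", "severity": "Critical", "fixed": "2.0-2",
  "issues": ["CVE-0000-0002"]}
]""")

def version_key(version):
    """Simplified ordering key: numeric runs compare as integers.
    Assumption: enough for plain numeric versions; it is not pacman's vercmp."""
    return [(1, int(p)) if p.isdigit() else (0, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]

def vulnerable_installed(avgs, installed):
    """Return {package: highest severity} for installed packages still affected."""
    hits = {}
    for avg in avgs:
        if avg.get("status") == "Not affected":
            continue
        for pkg in avg["packages"]:
            if pkg not in installed:
                continue
            fixed = avg.get("fixed")
            # An entry with a fixed version only applies to older installs.
            if fixed and version_key(installed[pkg]) >= version_key(fixed):
                continue
            sev = avg.get("severity", "Unknown")
            if SEVERITY_RANK.get(sev, 0) >= SEVERITY_RANK.get(hits.get(pkg), -1):
                hits[pkg] = sev
    return hits

def status_line(hits):
    """Map findings to the three states described for the -n flag."""
    if not hits:
        return "OK"
    worst = max(SEVERITY_RANK.get(s, 0) for s in hits.values())
    return "CRITICAL" if worst >= SEVERITY_RANK["High"] else "WARNING"
```

On a real host the installed mapping would come from the local package database and the version comparison from pacman's vercmp.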