About
This LPVS Linux package vulnerability scanner uses public security news feeds provided by the Linux distributions to detect out-of-date packages that could pose a threat for your server. The scanner currently runs on- Ubuntu
- CentOS
Limitations
Please know that the scanner works by comparing complex package version numbers and therefore is limited to do overly exact matches. It works best on an almost up-to-date installation. For example where you run the latest Ubuntu LTS release and do weekly or on demand updates. The current goal of the scanner is to avoid false positives and to be useful for daily analysis of a large number of systems. Note: When on Debian use debsecan instead! On FreeBSD use Portaudit.Installation + Running
Download lpvs-scan.pl version 0.2, put it anywhere you like and run it like this
./lpvs-scan.plNo need to run as root, any user will do. It just needs
- Perl 5
- Perl module XML::LibXSLT
- Perl module XML::LibXML
- and internet access
Screenshots
Below you find a screenshot from a CentOS setup. Green lines indicate security advisory covering packages that are installed and up-to-date. Yellow lines indicate security advisories not applicable as the related packages are not installed. Red ones of course indicate a vulnerability.