35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
$OpenBSD: README,v 1.7 2020/07/31 13:28:05 ajacoutot Exp $
|
|
|
|
+-----------------------------------------------------------------------
|
|
| Running ${PKGSTEM} on OpenBSD
|
|
+-----------------------------------------------------------------------
|
|
|
|
Initial Configuration
|
|
=====================
|
|
|
|
The user running cvechecker(1) must be part of the _cvechecker group:
|
|
# usermod -G _cvechecker <username>
|
|
|
|
Edit ${SYSCONFDIR}/cvechecker.conf to your particular setup.
|
|
|
|
Then the database initialization is done by running:
|
|
$ cvechecker -i
|
|
(this step is required for both MariaDB and SQLite).
|
|
|
|
At last, the CVE data needs to be put into the database:
|
|
$ pullcves pull
|
|
Note that the first time this command is run, it will take a long time.
|
|
Subsequent calls to pullcves(1) will only update the current year and
|
|
will be much faster. It is advised to run this command regularly to make
|
|
sure the local CVE database is up to date with upstream.
|
|
|
|
Getting started with cvechecker
|
|
===============================
|
|
|
|
cvechecker(1) will scan a list of files and check whether there is a
|
|
corresponding CVE according to its version. For example, to check
|
|
binaries from installed packages(7):
|
|
$ find ${LOCALBASE}/{bin,libexec,sbin} -type f -perm -o+x > scanlist.txt
|
|
$ cvechecker -b scanlist.txt
|
|
$ cvechecker -r
|