author Serg Bormant <bormant@mail.ru> 2017-07-15 15:01:37 +0100
committer Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2017-07-22 06:55:57 +0700
commit c48e73413788beffeeb47f852eed6afabe2b074c (patch)
tree 246cdd3a3536dd93975904e509a52678d5c0d0fb /system/cve-check-tool/README
parent 3c19a2c32e8d63e95b0075f1694cfad3299109d2 (diff)
system/cve-check-tool: Added (tool for checking known public CVEs).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
Diffstat (limited to 'system/cve-check-tool/README')
-rw-r--r-- system/cve-check-tool/README 20
1 files changed, 20 insertions, 0 deletions
diff --git a/system/cve-check-tool/README b/system/cve-check-tool/README
new file mode 100644
index 000000000000..a86ae9575cd1
--- /dev/null
+++ b/system/cve-check-tool/README
@@ -0,0 +1,20 @@
+cve-check-tool is a tool for checking known (public) CVEs. The tool will
+identify potentially vunlnerable software packages within Linux
+distributions through version matching.
+
+CVEs are only ever potential - due to the various policies of various
+distributions, and indeed semantics in versioning within various
+projects, it is expected that the tool may generate false positives.
+
+The tool is designed to integrate with a locally cached copy of the
+National Vulnerability Database. cve-check-tool downloads the NVD in its
+entirety, from 2002 until the current moment. The decompressed XML
+database is in excess of 550MB, so this should be taken into account
+before running the tool.
+
+Make package list from package database:
+ ( cd /var/log/packages/ ; ls | rev | cut -d- -f3- | \
+ sed -e s/-/,/ -e s/^/,,/ | rev > /var/log/pkgs.csv )
+
+Check packages via CVEs database:
+ cve-check-tool -uNc /var/log/pkgs.csv
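Review bot: in the package-list command, `cd /var/log/packages/ ; ls` still runs `ls` when the `cd` fails, so /var/log/pkgs.csv would be silently overwritten with entries built from whatever directory the shell was in, and the later CVE check would then run against a wrong package list. Joining the two with `&&` instead of `;` makes the subshell stop there. The pipeline also relies on every entry ending in exactly two trailing `-arch-build` fields and on no file name containing a comma; a line of explanation of the resulting CSV layout (name, version, then two empty fields) would let readers verify the output before trusting the scan. The `-uNc` options in the last command are not explained anywhere in the README, and since the third paragraph warns about downloading the whole NVD, it would help to state what each flag does and whether this invocation triggers that download. Minor: "vunlnerable" in the second line should read "vulnerable".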