Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
223 lines (222 sloc) 4.83 KB
.\" Copyright (c) 2008,2009,2010 Yahoo! Inc.
.\" Copyright (c) 2011, 2012 Jan Schaumann <jschauma@netmeister.org>
.\"
.Dd May 22, 2012
.Dt YVC 1
.Os
.Sh NAME
.Nm yvc
.Nd a software package vulnerability checker
.Sh SYNOPSIS
.Nm
.Op Fl hv
.Op Fl c Ar file
.Op Fl l Ar file
.Op Ar pkg Oo Ar ... Oc
.Sh DESCRIPTION
The
.Nm
tool compares the given package name against the list of known
vulnerabilities and reports any security issues.
This output contains the name and version of the package, the type of
vulnerability, and a URL for further information for each vulnerable package.
.Sh OPTIONS
The following options are supported by
.Nm :
.Bl -tag -width l_file_
.It Fl c Ar file
Read configuration from
.Ar file
(default: /usr/local/etc/yvc.conf).
.It Fl h
Print a short usage statement and exit.
.It Fl l Ar file
Check against the list of vulnerabilities provided in
.Ar file .
Can be used multiple times.
.It Fl v
Be verbose.
Can be used multiple times.
.El
.Sh INPUT
.Nm
takes as input a list of package names.
If no package names are given on the command-line,
.Nm
will read them from stdin.
.Pp
Input from stdin and from the command-line can be combined: if
.Nm
encounters "-" as an argument, it will read from stdin at that point.
.Sh DETAILS
.Nm
will then try to match each package against a list of known
vulnerabilities.
.Pp
The list of known vulnerabilities is taken from a text file.
In this file, each line lists the package and vulnerable versions, the type of
exploit, and an Internet address for further information:
.Bl -item
.It
.Aq package pattern
.Aq type
.Aq url
.Aq severity
.El
.Pp
The type of exploit can be any text, although
some common types of exploits listed are:
.Bl -bullet -compact -offset indent
.It
cross-site-html
.It
cross-site-scripting
.It
denial-of-service
.It
file-permissions
.It
local-access
.It
local-code-execution
.It
local-file-read
.It
local-file-removal
.It
local-file-write
.It
local-root-file-view
.It
local-root-shell
.It
local-symlink-race
.It
local-user-file-view
.It
local-user-shell
.It
privacy-leak
.It
remote-code-execution
.It
remote-command-inject
.It
remote-file-creation
.It
remote-file-read
.It
remote-file-view
.It
remote-file-write
.It
remote-key-theft
.It
remote-root-access
.It
remote-root-shell
.It
remote-script-inject
.It
remote-server-admin
.It
remote-use-of-secret
.It
remote-user-access
.It
remote-user-file-view
.It
remote-user-shell
.It
unknown
.It
weak-authentication
.It
weak-encryption
.It
weak-ssl-authentication
.El
.Pp
The severity of the vulnerability is an optional free-form field that an
organization may use to further classify the vulnerability.
For example, one might choose to assign a vulnerability a severity level
indicating the impact and required resolution according to internal
security procedures and requirements.
.Pp
The list of vulnerabilities is stored per default in two files under
/usr/local/var/yvc/.
.Sh CONFIGURATION
At startup,
.Nm
reads the system-wide configuration file /usr/local/etc/yvc.conf.
See
.Xr yvc.conf 5
for details.
.Sh EXAMPLES
.Nm
can be run via
.Xr cron 8 ,
to check the installed packages on a regular basis.
One might wish to invoke
.Nm
as:
.Bd -literal -offset indent
pkg_info | awk '{print $1}' | yvc
.Ed
.Pp
To check the packages 'zsh-4.2.6' and 'sudo-1.6.8pl1' against any known
vulnerabilities:
.Bd -literal -offset indent
yvc zsh-4.2.6 sudo-1.6.8pl1
.Ed
.Pp
To check all rpms on the host
\'hostname.yahoo.com':
.Bd -literal -offset indent
ssh hostname.yahoo.com "rpm -qa" | yvc
.Ed
.Sh EXIT STATUS
.Nm
returns zero if no errors were encountered and no vulnerabilities were
found.
If any vulnerabilities were found,
.Nm
will return an exit status of '2'.
.Pp
An exit status of '1' indicates some sort of unexpected error.
.Sh FILES
.Bl -tag -width _home_y_var_yvc_rh6vlist__
.It /usr/local/etc/yvc.conf
The
.Nm
configuration file.
.It /usr/local/var/yvc/fbvlist
A list of known vulnerabilities in the FreeBSD ports collection derived
from http://www.freebsd.org/ports/portaudit/.
.It /usr/local/var/yvc/nbvlist
A list of vulnerabilities provided by the NetBSD Project.
See http://www.netbsd.org/support/security/#check-pkgsrc for details.
.It /usr/local/var/yvc/rh4vlist
A list of vulnerabilities known in RHEL4, derived from
http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml.bz2 .
.It /usr/local/var/yvc/rh5vlist
A list of vulnerabilities known in RHEL5, derived from
http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml.bz2 .
.It /usr/local/var/yvc/rh6vlist
A list of vulnerabilities known in RHEL6, derived from
http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml.bz2 .
.El
.Sh SEE ALSO
.Xr fetch-vlist 1 ,
.Xr rpm 1 ,
.Xr yinst 1 ,
.Xr yvc.conf 5
.Sh HISTORY
.Nm
was conceptually based on NetBSD's "audit-packages" command.
It was originally written by
.An Jan Schaumann
.Aq jschauma@yahoo-inc.com
in July 2008.
.Sh BUGS
Please report bugs and feature requests to the author.
Something went wrong with that request. Please try again.