Monitoring/Nagios plugin for Debian - Checks the Debian CVE database against all installed packages on your system
Usage: check_debsecan [OPTIONS]
Arguments:
-f warning value for fixed packages | default = 20
-F critical value for fixed packages | default = 30
-o warning value for obsolete packages | default = 1
-O critical value for obsolete packages | default = 1
-l warning value for "low urgency" fixes | default = 10
-L critical value for "low urgency" fixes | default = 20
-m warning value for "medium urgency" fixes | default = 5
-M critical value for "medium urgency" fixes | default = 10
-u warning value for urgent "high urgency" fixes | default = 1
-U critical value for urgent "high urgency" fixes | default = 1
-s set the suite parameter manually
-P "[proxy-url]" set the proxy manually
Options:
-d produces debugging output
-r disables the cve/packages report
-h print this help
OK: (F:7;O:0;H:0;M:3;L:1) - 7 security fixes ready to install found!
CVE-2016-8864 libdns-export100 (fixed, remotely exploitable, medium urgency)
CVE-2017-3135 libdns-export100 (fixed)
CVE-2017-5848 gstreamer1.0-plugins-bad (fixed, remotely exploitable, low urgency)
TEMP-0000000-1E5903 libgraphicsmagick-q16-3 (fixed)
CVE-2016-7444 libgnutls-deb0-28 (fixed, remotely exploitable, medium urgency)
CVE-2017-5334 libgnutls-deb0-28 (fixed)
CVE-2017-5027 chromium (fixed, remotely exploitable, medium urgency)
| 'fixed'=7;20;30;0;30 'obsolete'=0;1;1;0;1 'high-urgency'=0;1;1;0;1 'medium-urgency'=3;5;10;0;10 'low-urgency'=1;10;20;0;20
The default thresholds of the check are relatively high, so if you want to check for all CVE's just set -f 1 -F 1 so every CVE popping up will force the check to CRITICAL.