Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

2026-01-17T08:12:16Z

Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

← Older revision		Revision as of 08:12, 17 January 2026
Line 1:		Line 1:
	[[Category:Wiki]]		[[Category:Wiki]]

			'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''


	== Basic Usage ==		== Basic Usage ==

Admin: Created page with "Category:Wiki == Basic Usage == The primary purpose of `debsecan` is to display vulnerabilities in installed packages. By default, it will list any vulnerable packages with details such as the severity of the vulnerability and links to further information. debsecan This will output a list of vulnerable packages currently installed on the system. == Checking Vulnerabilities for a Specific Package == To check for vulnerabilities in a specific p..."

2025-12-14T08:38:12Z

Created page with "Category:Wiki == Basic Usage == The primary purpose of `debsecan` is to display vulnerabilities in installed packages. By default, it will list any vulnerable packages with details such as the severity of the vulnerability and links to further information. <nowiki> debsecan</nowiki> This will output a list of vulnerable packages currently installed on the system. == Checking Vulnerabilities for a Specific Package == To check for vulnerabilities in a specific p..."

New page

[[Category:Wiki]]

== Basic Usage ==

The primary purpose of `debsecan` is to display vulnerabilities in installed packages. By default, it will list any vulnerable packages with details such as the severity of the vulnerability and links to further information.

<nowiki>
debsecan</nowiki>

This will output a list of vulnerable packages currently installed on the system.

== Checking Vulnerabilities for a Specific Package ==

To check for vulnerabilities in a specific package, simply pass the package name as an argument.

<nowiki>
debsecan <package-name></nowiki>

Example:

<nowiki>
debsecan openssl</nowiki>

This command will list vulnerabilities related to the `openssl` package if any are found.

== Output Format and Severity Levels ==

The output from `debsecan` includes a list of vulnerabilities with various details, including a severity level. The severity levels can be:

- `low`: Low severity issues, typically requiring minimal attention.
- `medium`: Moderate severity, may need closer review.
- `high`: High severity, should be addressed as soon as possible.
- `critical`: Critical vulnerabilities, requiring immediate action.

Example output:

<nowiki>
Package: openssl
Vulnerability ID: CVE-2014-3566
Severity: high
Description: A vulnerability in the SSLv3 protocol could allow attackers to perform man-in-the-middle attacks.
Fix: Update to version 1.0.1i-2+deb7u3</nowiki>

== Checking All Packages with Security Updates ==

To list all installed packages that have available security updates, use the `--security` option.

<nowiki>
debsecan --security</nowiki>

This command will display all packages that have known security vulnerabilities and updates available to address them.

== Checking for Specific Vulnerabilities by CVE ID ==

`debsecan` can also be used to search for specific CVE IDs. This is useful when you need to verify whether a certain vulnerability exists on your system.

<nowiki>
debsecan --cve <CVE-ID></nowiki>

Example:

<nowiki>
debsecan --cve CVE-2021-3450</nowiki>

This will check for the specific CVE ID `CVE-2021-3450` and return the associated vulnerability details if it affects any installed packages.

== Filtering by Package Version ==

You can also filter the output by package version using the `--version` flag.

<nowiki>
debsecan --version <version></nowiki>

Example:

<nowiki>
debsecan --version 1.0.2-1</nowiki>

This will limit the output to vulnerabilities related to the version `1.0.2-1` of installed packages.

== Output to File ==

To save the output of `debsecan` to a file, you can redirect the output using the standard Linux redirection operator.

<nowiki>
debsecan > vulnerabilities.txt</nowiki>

This will save the list of vulnerable packages into the file `vulnerabilities.txt` for further review or archiving.

== Regular Updates ==

It is important to regularly run `debsecan` to check for vulnerabilities, as new security advisories are released frequently. You can automate the process by setting up a cron job that runs `debsecan` periodically.

Example cron job:

<nowiki>
0 2 * * * /usr/bin/debsecan --security > /var/log/debsecan.log</nowiki>

This cron job runs `debsecan` every day at 2 AM, checking for security vulnerabilities and logging the output to `/var/log/debsecan.log`.

== Useful Links ==

For further information on `debsecan`, you can refer to the following links:

* [Debian Security Tracker](https://security-tracker.debian.org/)
* [Debsecan GitHub Repository](https://github.com/mvo5/debsecan)
* [Debian Security Announcements](https://www.debian.org/security/)
* [CVE Details for Debian](https://www.cvedetails.com/vulnerability-list/vendor_id-89/product_id-1607/Debian-Debian.html)

DEBSECAN - Documentation - Revision history

Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "