cverules(1)cverules Manual cverules(1)NAMEcverules - Generate version matching rules for installed software on a
Linux / Unix distribution
SYNOPSIScverules-r
DESCRIPTION
The cverules script will scan the installed distribution packages on
your system and attempt to generate version matching rules that can be
used by cvechecker.
The script should be used by people interested in contributing to the
cvechecker' success.
USAGE
COMMAND USAGE
The command requires a single option, -r. An example usage pattern is
like so:
~$ cverules-r > output.txt
The generated output.txt file can then be submitted to the cvechecker
project, allowing it to improve the versions.dat.
USABILITY
The user should understand that this script attempts to generate match‐
es, but doesn't guarantee that each and every installed software is de‐
tected.
First of all, if a package is already matched by existing rules, the
rest of the package' content isn't scanned anymore. This is because the
tool wants to identify software and versions - once one has been de‐
tected, further detection is less useful and very resource consuming.
Second, if a package isn't detected properly, the script will see if
the version based on the distributions' package version can be found.
If it can't, then it cannot identify the version properly and ignores
the package.
Third, if the script does find a match for the version, it tries out a
few regular expressions (which have a high probability rate to match
the version) but has no intelligence to optimize the expressions. If
the tried expressions fail, the script will ignore the package.
AUTHORcverules is part of the cvechecker tool. cverules was written by Sven
Vermeulen <sven.vermeulen@siphos.be>.
November 25, 2010 1 December 2010 cverules(1)