I started a tiny project a couple of days ago: arch-audit.
arch-audit's main (and only) goal is to display the Arch Linux packages on your system that are affected by known vulnerabilities.
arch-audit's output is very verbose when it is started without any arguments, but two options (-q and -f) let you change the output to suit your use case.
There is also a third option, --upgradable, which displays only packages that have already been fixed in the Arch Linux repositories.
In my opinion a great use case is the following:
    $ ssh www.andreascarpino.it
    openssl>=1.0.2.i-1
    lib32-openssl>=1:1.0.2.i-1
    Last login: Sat Sep 24 23:13:56 2016
    $
In fact, I added a systemd timer that executes arch-audit -uq every day and saves its output to a temporary file that is configured as the banner for SSH.
Then, every time I log into my server, I get notified about packages that have vulnerabilities, but that already have been fixed. Time to do a system update!
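One way to write the job such a timer runs, as an added example (not the author's or the arch-audit project's code). The banner path, the AUDIT_CMD override, the --write flag and the unit and install names are hypothetical, and it assumes arch-audit exits non-zero only when the audit itself fails.

```shell
#!/bin/sh
# Added example: refresh an SSH banner file from `arch-audit -uq`.
# Hypothetical names: BANNER_FILE path, AUDIT_CMD override, --write flag,
# and the install path /usr/local/bin/arch-audit-banner.
#
# Wiring (standard systemd / sshd_config directives):
#   arch-audit-banner.service  [Service] Type=oneshot
#                              ExecStart=/usr/local/bin/arch-audit-banner --write
#   arch-audit-banner.timer    [Timer] OnCalendar=daily
#                              Persistent=true
#   /etc/ssh/sshd_config       Banner /run/arch-audit/banner

BANNER_FILE="${BANNER_FILE:-/run/arch-audit/banner}"
AUDIT_CMD="${AUDIT_CMD:-arch-audit -uq}"

update_banner() {
    dest="$1"
    dir=$(dirname "$dest")
    mkdir -p "$dir" || return 1

    # Temp file in the same directory, so the final mv is an atomic rename
    # and sshd never serves a half-written banner.
    tmp=$(mktemp "$dir/.banner.XXXXXX") || return 1

    # Assumption: a non-zero exit means the audit itself failed (for example
    # no network). Keep the previous banner rather than blanking it.
    if ! $AUDIT_CMD > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi

    # mktemp creates the file 0600; the banner is meant to be readable.
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

case "${1:-}" in
    --write) update_banner "$BANNER_FILE" ;;
esac
```

sshd sends the Banner file before authentication, so the list of packages awaiting an upgrade is visible to any client that connects; a file shown only after login keeps it to authenticated users.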
So, now I’m waiting for your feedback! Have fun!