2
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
contrib-munin/plugins/system/debsecan

135 lines
3.2 KiB
Text
Raw Normal View History

2007-10-15 08:14:42 +02:00
#!/bin/sh
: << =cut
=head1 NAME
debsecan - Plugin to monitor the number of CVE vulnerabilities present on a Debian
system (using debsecan). Might work on other distib, who knows...
=head1 CONFIGURATION
[debsecan]
env.suite jessie
env.fixed_warn 1
env.fixed_critical 1000
=head1 AUTHORS
* Nicolas BOUTHORS <nbouthors@nbi.fr> http://nbi.fr/, Inspiration of the moment 10/10/2007
* Olivier Mehani <shtrom+munin@ssji.net>, 2016
=head1 LICENSE
Public Domain
=head1 MAGIC MARKERS
%# family=auto
%# capabilities=autoconf
=cut
2007-10-15 08:14:42 +02:00
# Auto enable if we have debsecan only
if [ "$1" = "autoconf" ] ; then
2007-10-15 08:14:42 +02:00
if [ -x /usr/bin/debsecan ]; then
echo yes
else
echo no
fi
exit 0
fi
# Fail if we don't have debsecan
2007-10-15 08:14:42 +02:00
if [ ! -x /usr/bin/debsecan ]; then
exit 1
fi
# Determine suite from filename...
SUITE=`echo $0 | sed 's/.*_//'`
if [ ${SUITE} = ${0} ]; then
# ...or fall back onto configuration in environment
SUITE=${suite:-sid}
fi
FIXEDWARN=${fixed_warning:-1}
FIXEDCRIT=${fixed_critical:-1000}
CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)"
2007-10-15 08:14:42 +02:00
if [ "$1" = "config" ] ; then
cat <<EOF_
graph_title DebSecan : vulnerabilities for ${SUITE}
2007-10-15 08:14:42 +02:00
graph_args -l 0 --base 1000
graph_vlabel number of CVE
graph_category system
graph_period second
graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details.
2007-10-15 08:14:42 +02:00
high.label high
high.colour FF0000
2007-10-15 08:14:42 +02:00
high.type GAUGE
high.draw AREASTACK
2007-10-15 08:14:42 +02:00
high.min 0
high.info The number of CVEs marked high priority
2007-10-15 08:14:42 +02:00
medium.label medium
medium.colour FFA500
2007-10-15 08:14:42 +02:00
medium.type GAUGE
medium.draw AREASTACK
2007-10-15 08:14:42 +02:00
medium.min 0
medium.info The number of CVEs marked medium priority
2007-10-15 08:14:42 +02:00
low.label low
low.colour 0000FF
2007-10-15 08:14:42 +02:00
low.type GAUGE
low.draw AREASTACK
2007-10-15 08:14:42 +02:00
low.min 0
low.info The number of CVEs marked low priority
2007-10-15 08:14:42 +02:00
other.label other
other.colour 00A5FF
2007-10-15 08:14:42 +02:00
other.type GAUGE
other.draw AREASTACK
2007-10-15 08:14:42 +02:00
other.min 0
other.info The number of CVEs with unspecified priority
fixed.label fixed
fixed.type GAUGE
fixed.draw LINE2
fixed.min 0
fixed.info The number of CVEs fixed by available updates
fixed.warning ${FIXEDWARN}
fixed.critical ${FIXEDCRIT}
2007-10-15 08:14:42 +02:00
EOF_
exit 0
fi
CVECOUNTRE="s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/"
OUT=`mktemp -t debsecan.XXXXXX`
HIGH=`mktemp -t debsecan.XXXXXX`
MEDIUM=`mktemp -t debsecan.XXXXXX`
LOW=`mktemp -t debsecan.XXXXXX`
OTHER=`mktemp -t debsecan.XXXXXX`
FIXED=`mktemp -t debsecan.XXXXXX`
debsecan --suite ${SUITE} 2> /dev/null > ${OUT}
grep 'high urgency' ${OUT} > ${HIGH}
grep 'medium urgency' ${OUT} > ${MEDIUM}
grep 'low urgency)' ${OUT} > ${LOW}
grep '(fixed' ${OUT} > ${FIXED}
high=`cat ${HIGH} | wc -l`
medium=`cat ${MEDIUM} | wc -l`
low=`cat ${LOW} | wc -l`
other=`cat ${OTHER} | wc -l`
fixed=`cat ${FIXED} | wc -l`
cat <<EOF
2007-10-15 08:14:42 +02:00
high.value $high
high.extinfo `echo $(cut -f 2 -d" " ${HIGH} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
2007-10-15 08:14:42 +02:00
medium.value $medium
medium.extinfo `echo $(cut -f 2 -d" " ${MEDIUM} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
2007-10-15 08:14:42 +02:00
low.value $low
low.extinfo `echo $(cut -f 2 -d" " ${LOW} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
2007-10-15 08:14:42 +02:00
other.value $other
other.extinfo `echo $(cut -f 2 -d" " ${OTHER} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
fixed.value $fixed
fixed.extinfo `echo $(cut -f 2 -d" " ${FIXED} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
EOF
2007-10-15 08:14:42 +02:00
rm -f ${OUT} ${HIGH} ${MEDIUM} ${LOW} ${FIXED} ${OTHER}