Robot/contrib-munin
2
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
Code Issues Releases Wiki Activity

[system/debsecan] List remotely-exploitable CVEs separately

Browse source 
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
This commit is contained in:
Olivier Mehani 2017-01-04 12:12:16 +11:00
parent 9e6c5f9ebf
commit fefb1aab4a
1 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
plugins/system/debsecan
View file

@ -13,6 +13,8 @@ system (using debsecan). Might work on other distib, who knows...
env.suite jessie env.suite jessie
env.fixed_warn 1 env.fixed_warn 1
env.fixed_critical 1000 env.fixed_critical 1000
env.remote_warn 1
env.remote_critical 10
=head1 AUTHORS =head1 AUTHORS
@ -53,6 +55,8 @@ if [ ${SUITE} = ${0} ]; then
fi fi
FIXEDWARN=${fixed_warning:-1} FIXEDWARN=${fixed_warning:-1}
FIXEDCRIT=${fixed_critical:-1000} FIXEDCRIT=${fixed_critical:-1000}
REMOTEWARN=${remote_warning:-1}
REMOTECRIT=${remote_critical:-10}
CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)" CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)"
if [ "$1" = "config" ] ; then if [ "$1" = "config" ] ; then
@ -63,8 +67,16 @@ graph_vlabel number of CVE
graph_category system graph_category system
graph_period second graph_period second
graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details. graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details.
remote.label remote
remote.colour FF0000
remote.type GAUGE
remote.draw AREASTACK
remote.min 0
remote.info The number of remotely exploitable CVEs with any priority
remote.warning ${REMOTEWARN}
remote.critical ${REMOTECRIT}
high.label high high.label high
high.colour FF0000 high.colour F70000
high.type GAUGE high.type GAUGE
high.draw AREASTACK high.draw AREASTACK
high.min 0 high.min 0
@ -101,24 +113,29 @@ fi
CVECOUNTRE="s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/" CVECOUNTRE="s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/"
OUT=`mktemp -t debsecan.XXXXXX` OUT=`mktemp -t debsecan.XXXXXX`
REMOTE=`mktemp -t debsecan.XXXXXX`
HIGH=`mktemp -t debsecan.XXXXXX` HIGH=`mktemp -t debsecan.XXXXXX`
MEDIUM=`mktemp -t debsecan.XXXXXX` MEDIUM=`mktemp -t debsecan.XXXXXX`
LOW=`mktemp -t debsecan.XXXXXX` LOW=`mktemp -t debsecan.XXXXXX`
OTHER=`mktemp -t debsecan.XXXXXX` OTHER=`mktemp -t debsecan.XXXXXX`
FIXED=`mktemp -t debsecan.XXXXXX` FIXED=`mktemp -t debsecan.XXXXXX`
debsecan --suite ${SUITE} 2> /dev/null > ${OUT} debsecan --suite ${SUITE} 2> /dev/null > ${OUT}
grep 'high urgency' ${OUT} > ${HIGH} grep 'remotely' ${OUT} > ${REMOTE}
grep 'medium urgency' ${OUT} > ${MEDIUM} grep 'high urgency' ${OUT} | grep -v 'remotely' > ${HIGH}
grep 'low urgency)' ${OUT} > ${LOW} grep 'medium urgency' ${OUT} | grep -v 'remotely' > ${MEDIUM}
grep 'low urgency)' ${OUT} | grep -v 'remotely' > ${LOW}
grep '(fixed' ${OUT} > ${FIXED} grep '(fixed' ${OUT} > ${FIXED}
high=`cat ${HIGH} | wc -l` high=`cat ${HIGH} | wc -l`
remote=`cat ${REMOTE} | wc -l`
medium=`cat ${MEDIUM} | wc -l` medium=`cat ${MEDIUM} | wc -l`
low=`cat ${LOW} | wc -l` low=`cat ${LOW} | wc -l`
other=`cat ${OTHER} | wc -l` other=`cat ${OTHER} | wc -l`
fixed=`cat ${FIXED} | wc -l` fixed=`cat ${FIXED} | wc -l`
cat <<EOF cat <<EOF
remote.value $remote
remote.extinfo `echo $(cut -f 2 -d" " ${REMOTE} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
high.value $high high.value $high
high.extinfo `echo $(cut -f 2 -d" " ${HIGH} | uniq -c | sort -nr | sed "${CVECOUNTRE}")` high.extinfo `echo $(cut -f 2 -d" " ${HIGH} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
medium.value $medium medium.value $medium
@ -130,5 +147,3 @@ other.extinfo `echo $(cut -f 2 -d" " ${OTHER} | uniq -c | sort -nr | sed "${CVE
fixed.value $fixed fixed.value $fixed
fixed.extinfo `echo $(cut -f 2 -d" " ${FIXED} | uniq -c | sort -nr | sed "${CVECOUNTRE}")` fixed.extinfo `echo $(cut -f 2 -d" " ${FIXED} | uniq -c | sort -nr | sed "${CVECOUNTRE}")`
EOF EOF
rm -f ${OUT} ${HIGH} ${MEDIUM} ${LOW} ${FIXED} ${OTHER}