mirror of https://github.com/munin-monitoring/contrib.git synced 2025-07-21 18:41:03 +00:00

Merge pull request #1217 from Wicloz/patch-1 (improve debian/debsecan_ plugin)

Add suggest capabilities to the debian/debsecan_ plugin.
Lars Kruse 2021-07-15 23:18:43 +02:00 committed by GitHub
commit 839a29e942
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -36,6 +36,7 @@ Shell globbing patterns are allowed.
* Nicolas BOUTHORS <nbouthors@nbi.fr> http://nbi.fr/, Inspiration of the moment 10/10/2007
* Olivier Mehani <shtrom+munin@ssji.net>, 2016
* Wilco de Boer <deboer.wilco@gmail.com>, 2021
=head1 LICENSE
@ -43,8 +44,8 @@ Public Domain
=head1 MAGIC MARKERS
%# family=auto
%# capabilities=autoconf
#%# family=auto
#%# capabilities=autoconf suggest
=cut
@ -58,13 +59,25 @@ if [ "$1" = "autoconf" ] ; then
exit 0
fi
# Suggest both modes when asked
if [ "$1" = "suggest" ]; then
echo pkg
echo cve
exit 0
fi
# Fail if we don't have debsecan
if [ ! -x /usr/bin/debsecan ]; then
echo 'error: /usr/bin/debsecan not found' >&2
exit 1
fi
SUITE=${suite:-sid}
# Suite is taken from environment but defaults to `os-release` content
SUITE=$(
. /etc/os-release
echo "${suite:-$VERSION_CODENAME}"
)
FIXEDWARN=${fixed_warning:-1}
FIXEDCRIT=${fixed_critical:-1000}
REMOTEWARN=${remote_warning:-1}
@ -83,7 +96,7 @@ case "${MODE}" in
esac
if [ "$1" = "config" ]; then
cat <<EOF_
cat <<- EOF
graph_title DebSecan: ${TITLE_ADD}vulnerabilities
graph_info ${TITLE_ADD}vulnerabilities for ${SUITE}
graph_args -l 0 --base 1000
@ -130,19 +143,19 @@ fixed.min 0
fixed.info The number of ${TITLE_ADD}CVEs fixed by available updates
fixed.warning ${FIXEDWARN}
fixed.critical ${FIXEDCRIT}
EOF_
EOF
exit 0
fi
ALL=$(debsecan --suite "${SUITE}" 2> /dev/null)
REMOTE=$(echo "$ALL" | grep -w 'remotely')
NONREMOTE=$(echo "$ALL" | grep -wv 'remotely')
REMOTE=$(printf '%s' "$ALL" | grep -w 'remotely')
NONREMOTE=$(printf '%s' "$ALL" | grep -wv 'remotely')
HIGH=$(echo "${NONREMOTE}" | grep -w 'high urgency')
MEDIUM=$(echo "${NONREMOTE}" | grep -w 'medium urgency')
LOW=$(echo "${NONREMOTE}" | grep -w 'low urgency')
OTHER=$(echo "${NONREMOTE}" | grep -wv 'urgency')
FIXED=$(echo "${ALL}" | grep -w '(fixed')
HIGH=$(printf '%s' "${NONREMOTE}" | grep -w 'high urgency')
MEDIUM=$(printf '%s' "${NONREMOTE}" | grep -w 'medium urgency')
LOW=$(printf '%s' "${NONREMOTE}" | grep -w 'low urgency')
OTHER=$(printf '%s' "${NONREMOTE}" | grep -wv 'urgency')
FIXED=$(printf '%s' "${ALL}" | grep -w '(fixed')
# Arguments: Field offset to aggregate by
count_entries() {
@ -152,39 +165,37 @@ count_entries() {
case "${MODE}" in
'cve')
remote_count=$(echo "${REMOTE}" | count_entries "${FIELD}" | wc -l)
high_count=$(echo "${HIGH}" | count_entries "${FIELD}" | wc -l)
medium_count=$(echo "${MEDIUM}" | count_entries "${FIELD}" | wc -l)
low_count=$(echo "${LOW}" | count_entries "${FIELD}" | wc -l)
other_count=$(echo "${OTHER}" | count_entries "${FIELD}" | wc -l)
fixed_count=$(echo "${FIXED}" | count_entries "${FIELD}" | wc -l)
remote_count=$(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | wc -l)
high_count=$(printf '%s' "${HIGH}" | count_entries "${FIELD}" | wc -l)
medium_count=$(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | wc -l)
low_count=$(printf '%s' "${LOW}" | count_entries "${FIELD}" | wc -l)
other_count=$(printf '%s' "${OTHER}" | count_entries "${FIELD}" | wc -l)
fixed_count=$(printf '%s' "${FIXED}" | count_entries "${FIELD}" | wc -l)
;;
'pkg' | *)
remote_count=$(echo "${REMOTE}" | wc -l)
high_count=$(echo "${HIGH}" | wc -l)
medium_count=$(echo "${MEDIUM}" | wc -l)
low_count=$(echo "${LOW}" | wc -l)
other_count=$(echo "${OTHER}" | wc -l)
fixed_count=$(echo "${FIXED}" | wc -l)
remote_count=$(printf '%s' "${REMOTE}" | wc -l)
high_count=$(printf '%s' "${HIGH}" | wc -l)
medium_count=$(printf '%s' "${MEDIUM}" | wc -l)
low_count=$(printf '%s' "${LOW}" | wc -l)
other_count=$(printf '%s' "${OTHER}" | wc -l)
fixed_count=$(printf '%s' "${FIXED}" | wc -l)
;;
esac
# Reformat the output of the cut|sort|uniq... to a more human-friendly "item (count)" format
CVECOUNTRE='s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/'
# shellcheck disable=SC2005 disable=SC2046
# The nested $(echo ...)s are needed to yet the newlines
cat <<EOF
cat <<- EOF
remote.value $remote_count
remote.extinfo $(echo $(echo "${REMOTE}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
remote.extinfo $(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
high.value $high_count
high.extinfo $(echo $(echo "${HIGH}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
high.extinfo $(printf '%s' "${HIGH}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
medium.value $medium_count
medium.extinfo $(echo $(echo "${MEDIUM}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
medium.extinfo $(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
low.value $low_count
low.extinfo $(echo $(echo "${LOW}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
low.extinfo $(printf '%s' "${LOW}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
other.value $other_count
other.extinfo $(echo $(echo "${OTHER}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
other.extinfo $(printf '%s' "${OTHER}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
fixed.value $fixed_count
fixed.extinfo $(echo $(echo "${FIXED}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
fixed.extinfo $(printf '%s' "${FIXED}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
EOF
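Review bot: In the `'pkg' | *)` branch the six new counters (`remote_count` through `fixed_count`) undercount by one whenever the list is non-empty, because `$(...)` has stripped the trailing newline and `printf '%s' ... | wc -l` counts newline characters, so a host with exactly one remotely exploitable package reports `remote.value 0` and never reaches the default `remote_warning` of 1. The `cve` branch looks unaffected, since it pipes through `count_entries` first; that function's body is outside the hunk, so this is inferred from the `sort` that follows it elsewhere. Counting lines instead of newlines keeps the empty case at 0 and fixes the rest, e.g. `remote_count=$(printf '%s' "${REMOTE}" | grep -c '')`, applied to all six assignments. Separately, the new `SUITE=$(...)` block yields an empty suite when `/etc/os-release` is missing or has no `VERSION_CODENAME`, and with `2> /dev/null` on the `debsecan` call that failure would most likely be graphed as zero vulnerabilities; a guard such as `[ -n "${SUITE}" ] || { echo 'error: suite not set' >&2; exit 1; }` would surface it.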