mirror of https://github.com/munin-monitoring/contrib.git synced 2025-08-02 22:28:24 +00:00
Munin-Contrib/plugins/system/debsecan
Olivier Mehani 4653dcd9a6 [debescan] Add links to CVEs in extinfo
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2016-09-01 11:24:24 +10:00


#!/bin/sh
#
# Plugin to monitor the number of CVE vulnerabilities present on a Debian
# system (using debsecan). Might work on other distributions, who knows...
#
# Inspiration of the moment 10/10/2007
#
# Nicolas BOUTHORS <nbouthors@nbi.fr> http://nbi.fr/
#
# Licence : Public Domain
#
#%# family=auto
#%# capabilities=autoconf
# Munin "autoconf" probe: answer yes only when the debsecan executable is
# installed, then stop; the probe itself always exits successfully.
case "$1" in
  autoconf)
    if test -x /usr/bin/debsecan; then
      echo yes
    else
      echo no
    fi
    exit 0
    ;;
esac
# Nothing past this point runs unless the scanner is installed and executable;
# without it the plugin stops with a failure status.
[ -x /usr/bin/debsecan ] || exit 1
# Munin "config" request: print the static graph definition (four stacked
# gauges, one per urgency class) and stop.  The text contains no expansions,
# so the here-document delimiter is quoted to keep it literal.
case "$1" in
  config)
    cat <<'EOF_'
graph_title DebSecan : vulnerabilities
graph_args -l 0 --base 1000
graph_vlabel number of CVE
graph_category system
graph_period second
graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details.
high.label high
high.colour FF0000
high.type GAUGE
high.draw AREASTACK
high.min 0
high.info The number of CVEs marked high priority
medium.label medium
medium.colour FFA500
medium.type GAUGE
medium.draw AREASTACK
medium.min 0
medium.info The number of CVEs marked medium priority
low.label low
low.colour 0000FF
low.type GAUGE
low.draw AREASTACK
low.min 0
low.info The number of CVEs marked low priority
other.label other
other.colour 00A5FF
other.type GAUGE
other.draw AREASTACK
other.min 0
other.info The number of CVEs with unspecified priority
EOF_
    exit 0
    ;;
esac
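# Fetch mode: run debsecan once, count the report lines per urgency class and
# print the Munin values together with links to the Debian security tracker.
#
# CVERE is a GNU basic regex for the identifier that starts a report line.
# Only the text it captures (a CVE/TMP prefix followed by characters from
# [-0-9A-Fa-f]) is copied into the HTML written to extinfo, so no other part
# of the report can reach that markup.
# NOTE(review): the Debian tracker normally spells temporary ids "TEMP-...";
# confirm that the TMP alternative matches what debsecan prints.
CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)"
CVEBASEURL="https://security-tracker.debian.org/tracker/"
# Run the binary whose presence was tested above, not whatever is first on PATH.
DEBSECAN=/usr/bin/debsecan

OUT=$(mktemp -t debescan.XXXXXX) || exit 1
# Remove the report on every exit path, including termination by a signal.
trap 'rm -f -- "$OUT"' EXIT
trap 'exit 1' HUP INT TERM

# A failed scan leaves an empty or partial report that would be graphed as
# "no vulnerabilities".  A non-zero exit status from debsecan is therefore
# reported as unknown (U) instead of as a count.
if ! "$DEBSECAN" 2>/dev/null >"$OUT"; then
  cat <<EOF_
high.value U
medium.value U
low.value U
other.value U
EOF_
  exit 0
fi

# Turn the report lines read on stdin into one line of space-separated links.
# Lines that do not start with an identifier matching CVERE are dropped.
cve_links() {
  sed -n "s#^${CVERE}.*#<a href=\"${CVEBASEURL}\1\">\1</a>#p" | paste -s -d ' ' -
}

# The same pattern selects the lines that are counted and the lines that are
# linked, so a class's value and its extinfo describe the same report lines.
high=$(grep -c 'high urgency' "$OUT")
medium=$(grep -c 'medium urgency' "$OUT")
low=$(grep -c 'low urgency' "$OUT")
other=$(grep -c -v '\(low\|medium\|high\) urgency' "$OUT")

cat <<EOF_
high.value $high
high.extinfo $(grep 'high urgency' "$OUT" | cve_links)
medium.value $medium
medium.extinfo $(grep 'medium urgency' "$OUT" | cve_links)
low.value $low
low.extinfo $(grep 'low urgency' "$OUT" | cve_links)
other.value $other
other.extinfo $(grep -v '\(low\|medium\|high\) urgency' "$OUT" | cve_links)
EOF_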