root / plugins / system / debsecan @ 4653dcd9
Historique | Voir | Annoter | Télécharger (2,26 ko)
| 1 |
#!/bin/sh |
|---|---|
| 2 |
# |
| 3 |
# Plugin to monitor the number of CVE vulnerabilities present on a Debian |
| 4 |
# system (using debsecan). Might work on other distib, who knows... |
| 5 |
# |
| 6 |
# Inspiration of the moment 10/10/2007 |
| 7 |
# |
| 8 |
# Nicolas BOUTHORS <nbouthors@nbi.fr> http://nbi.fr/ |
| 9 |
# |
| 10 |
# Licence : Public Domain |
| 11 |
# |
| 12 |
#%# family=auto |
| 13 |
#%# capabilities=autoconf |
| 14 |
|
| 15 |
# Auto enable if we have debsecan only |
| 16 |
if [ "$1" = "autoconf" ] ; then |
| 17 |
if [ -x /usr/bin/debsecan ]; then |
| 18 |
echo yes |
| 19 |
else |
| 20 |
echo no |
| 21 |
fi |
| 22 |
exit 0 |
| 23 |
fi |
| 24 |
|
| 25 |
# Fail if we don't have debsecan |
| 26 |
if [ ! -x /usr/bin/debsecan ]; then |
| 27 |
exit 1 |
| 28 |
fi |
| 29 |
|
| 30 |
if [ "$1" = "config" ] ; then |
| 31 |
cat <<EOF_ |
| 32 |
graph_title DebSecan : vulnerabilities |
| 33 |
graph_args -l 0 --base 1000 |
| 34 |
graph_vlabel number of CVE |
| 35 |
graph_category system |
| 36 |
graph_period second |
| 37 |
graph_info This graph show the number of known vulnerabilities present on your system. Use debsecan to see details. |
| 38 |
high.label high |
| 39 |
high.colour FF0000 |
| 40 |
high.type GAUGE |
| 41 |
high.draw AREASTACK |
| 42 |
high.min 0 |
| 43 |
high.info The number of CVEs marked high priority |
| 44 |
medium.label medium |
| 45 |
medium.colour FFA500 |
| 46 |
medium.type GAUGE |
| 47 |
medium.draw AREASTACK |
| 48 |
medium.min 0 |
| 49 |
medium.info The number of CVEs marked medium priority |
| 50 |
low.label low |
| 51 |
low.colour 0000FF |
| 52 |
low.type GAUGE |
| 53 |
low.draw AREASTACK |
| 54 |
low.min 0 |
| 55 |
low.info The number of CVEs marked low priority |
| 56 |
other.label other |
| 57 |
other.colour 00A5FF |
| 58 |
other.type GAUGE |
| 59 |
other.draw AREASTACK |
| 60 |
other.min 0 |
| 61 |
other.info The number of CVEs with unspecified priority |
| 62 |
EOF_ |
| 63 |
exit 0 |
| 64 |
fi |
| 65 |
|
| 66 |
CVERE="\(\(CVE\|TMP\)[-0-9A-Fa-f]\+\)" |
| 67 |
CVEBASEURL="https://security-tracker.debian.org/tracker/" |
| 68 |
|
| 69 |
OUT=`mktemp -t debescan.XXXXXX` |
| 70 |
debsecan 2> /dev/null > ${OUT}
|
| 71 |
high=`grep -c 'high urgency' ${OUT}`
|
| 72 |
medium=`grep -c 'medium urgency' ${OUT}`
|
| 73 |
low=`grep -c 'low urgency)' ${OUT}`
|
| 74 |
other=`grep -c -v '\(low\|medium\|high\) urgency' ${OUT}`
|
| 75 |
cat <<EOF_ |
| 76 |
high.value $high |
| 77 |
high.extinfo `echo $(sed -n "s#^${CVERE}.*high urgency.*#<a href=\"${CVEBASEURL}\1\">\1</a> #p" ${OUT})`
|
| 78 |
medium.value $medium |
| 79 |
medium.extinfo `echo $(sed -n "s#^${CVERE}.*medium urgency.*#<a href=\"${CVEBASEURL}\1\">\1</a> #p" ${OUT})`
|
| 80 |
low.value $low |
| 81 |
low.extinfo `echo $(sed -n "s#^${CVERE}.*low urgency.*#<a href=\"${CVEBASEURL}\1\">\1</a> #p" ${OUT})`
|
| 82 |
other.value $other |
| 83 |
other.extinfo `echo $(grep -v -e '\(low\|medium\|high\) urgency' ${OUT} | sed -n "s#^${CVERE}.*#<a href=\"${CVEBASEURL}\1\">\1</a> #p")`
|
| 84 |
EOF_ |
| 85 |
|
| 86 |
rm -f ${OUT}
|