xymon-ext-scripts

Check-in [171b1305de]

Overview
Comment: Add -r as default flag to pkg audit. This will print dependencies of the vulnerable package.
SHA3-256: 171b1305dec4165bac8393fb36eccf9fa50a2ed4ac8875cc2144869bc1f4d1bd
User & Date: feld@feld.me 2015-04-24 12:52:05
Context
2015-08-18
15:46
Remove the ability to do the FORCEFETCH of vuxml, because that's pretty damn rude check-in: 83774b57b1 user: feld@feld.me tags: master, trunk
2015-04-24
12:52
Add -r as default flag to pkg audit This will print dependencies of the vulnerable package check-in: 171b1305de user: feld@feld.me tags: master, trunk
2015-04-06
13:52
Fix pkgaudit when run as non-root check-in: ca78846c69 user: feld@feld.me tags: master, trunk
Changes

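--- a/pkgaudit.sh
+++ b/pkgaudit.sh
@@ -47,44 +47,43 @@
 
 # Xymon doesn't have /usr/local in PATH
 PATH=${PATH}:/usr/local/bin:/usr/local/sbin
 
 # Don't edit below unless you know what you're doing
 COLUMN=pkgaudit
 COLOR=green
-PKGAUDIT_FLAGS=""
+PKGAUDIT_FLAGS="-r"
 TMPFILE="$(mktemp -t xymon-client-pkgaudit)"
-FETCH=""
 VULNXML="-f /var/db/pkg/vuln.xml"
 
 if [ $? -ne 0 ]; then
 	echo "$0: Can't create temp file, exiting..."
 	exit 1
 fi
 
 # Build the pkg-audit message header for main host
 echo "$(hostname) pkg audit status" >> ${TMPFILE}
 echo "" >> ${TMPFILE}
 
 # If PKGAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
-[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && FETCH="-F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"
+[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && PKGAUDIT_FLAGS="${PKGAUDIT_FLAGS} -F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"
 
 # Run pkg audit and collect output for main host
-pkg-static audit ${FETCH} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1
+pkg-static audit ${PKGAUDIT_FLAGS} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1
 
 # Check if we should run on jails too. Grep removes poudriere jails.
 if [ ${PKGAUDIT_JAILS} = "YES" ]; then
 	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
 		JAILROOT=$(jls -j ${i} -h path | sed '1d')
 		{ echo "" ;
 		echo "##############################" ;
 		echo "" ;
 		echo "jail $(jls -j ${i} -h name | sed '/name/d') pkg audit status" ;
 		echo "" ;
-		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit ${VULNXML} ; } >> ${TMPFILE} || export NONGREEN=1
+		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit ${PKGAUDIT_FLAGS} ${VULNXML} ; } >> ${TMPFILE} || export NONGREEN=1
 	done
 fi
 
 # Ingest all the pkg audit messages.
 MSG=$(cat ${TMPFILE})
 
 # NONGREEN was detected.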
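Review bot: Folding `-F` into `PKGAUDIT_FLAGS` changes the jail loop as well as the host run: the old jail invocation passed only `${VULNXML}`, while the new one passes `${PKGAUDIT_FLAGS}`, so with `PKGAUDIT_FORCEFETCH=YES` every jail iteration forces another fetch of vuln.xml right after the host audit fetched it. Besides the repeated outbound requests, a failed fetch in any iteration would presumably trip `|| export NONGREEN=1` and be reported the same way as a real vulnerability finding. If only `-r` was meant to reach the jails, keep the removed `FETCH=""` variable, leave the FORCEFETCH line setting `FETCH="-F"`, and use `pkg-static audit ${PKGAUDIT_FLAGS} ${FETCH} ${VULNXML}` for the host run only. The script continues past the last line shown in this section.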