xymon-ext-scripts

Check-in [7acf202fea]

Overview
Comment: Add PKGAUDIT_FORCEFETCH option, don't force fetch by default. We don't have to force a fetch every time because it is automatically updated every 24hr by the 410.pkg-audit periodic script.
SHA3-256: 7acf202feaf21aa680e6a9a5ac4f25eca8c42636772e62b1211c2c65be875bb6
User & Date: feld@feld.me 2015-01-14 15:25:31
Context
2015-01-28 15:51 add smart script for freebsd check-in: 66e99b70ac user: feld@feld.me tags: master, trunk
2015-01-14 15:25 Add PKGAUDIT_FORCEFETCH option, don't force fetch by default We don't have to force a fetch every time because it is automatically updated every 24hr by the 410.pkg-audit periodic script. check-in: 7acf202fea user: feld@feld.me tags: master, trunk
2015-01-14 15:03 It's safe to run -F every time as pkg audit does an HTTP if-modified-since check check-in: 868e890053 user: feld@feld.me tags: master, trunk
Changes

Changes to pkgaudit.sh.

Old version (lines 38 to 84):

# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${PKGAUDIT_COLOR="yellow"};		# Set color when results are found
: ${PKGAUDIT_JAILS="NO"};		# Audit jails if they don't run their own xymon-client
					# This needs to be capitalized "YES" to enable
: ${PKGAUDIT_JAILGREP="poudriere"};	# Argument to egrep to remove jails with name patterns.



# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
PKGAUDIT_FLAGS=""
TMPFILE="$(mktemp -t xymon-client-pkgaudit)"
VULNXML="/usr/local/www/xymon/client/tmp/vuln.xml"


if [ $? -ne 0 ]; then
	echo "$0: Can't create temp file, exiting..."
	exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}




# Run pkg audit and collect output for main host. Use -F always here.
# Jail checks below don't need -F as it was done here.
pkg-static audit -F -f ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		echo "" >> ${TMPFILE}
		echo "##############################" >> ${TMPFILE}
		echo "" >> ${TMPFILE}
		echo "jail $(jexec ${i} hostname) pkg audit status" >> ${TMPFILE}
		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit -f ${VULNXML} >> ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.







New version (lines 38 to 90):

# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${PKGAUDIT_COLOR="yellow"};		# Set color when results are found
: ${PKGAUDIT_JAILS="NO"};		# Audit jails if they don't run their own xymon-client
					# This needs to be capitalized "YES" to enable
: ${PKGAUDIT_JAILGREP="poudriere"};	# Argument to egrep to remove jails with name patterns.
: ${PKGAUDIT_FORCEFETCH="NO"};		# Attempt to always fetch vuln.xml -- every 5 mins!
					# This needs to be capitalized "YES" to enable

# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
PKGAUDIT_FLAGS=""
TMPFILE="$(mktemp -t xymon-client-pkgaudit)"
FETCH=""
VULNXML="-f /var/db/pkg/vuln.xml"

if [ $? -ne 0 ]; then
	echo "$0: Can't create temp file, exiting..."
	exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If PKGAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && FETCH="-F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

# Run pkg audit and collect output for main host. Use -F always here.
# Jail checks below don't need -F as it was done here.
pkg-static audit ${FETCH} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		echo "" >> ${TMPFILE}
		echo "##############################" >> ${TMPFILE}
		echo "" >> ${TMPFILE}
		echo "jail $(jexec ${i} hostname) pkg audit status" >> ${TMPFILE}
		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit ${VULNXML} >> ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.
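
Review bot: The `if [ $? -ne 0 ]` test that follows the variable block cannot detect a `mktemp` failure, because the new `FETCH=""` and `VULNXML="-f /var/db/pkg/vuln.xml"` assignments sit between `TMPFILE="$(mktemp -t xymon-client-pkgaudit)"` and the test, so `$?` holds the status of the last plain assignment, which is always 0 (the old version had the same problem with its single `VULNXML=` line). Move the test directly under the `mktemp` line, or attach the failure branch to it with `TMPFILE="$(mktemp -t xymon-client-pkgaudit)" || { echo "$0: Can't create temp file, exiting..."; exit 1; }`. The comment "Use -F always here" above `pkg-static audit ${FETCH} ${VULNXML}` is now stale, since `-F` is passed only when PKGAUDIT_FORCEFETCH is "YES"; the jail comment that relies on it should be reworded as well. `[ ${PKGAUDIT_FORCEFETCH} = "YES" ]` is unquoted, and `: ${PKGAUDIT_FORCEFETCH="NO"}` only fills in the default when the variable is unset, so an empty value in xymonclient.cfg makes the test error out; quote the expansion. With the default of "NO", nothing in the script checks that /var/db/pkg/vuln.xml exists or how old it is, and any non-zero exit from `pkg-static audit` sets NONGREEN, so a missing database and a vulnerable package are reported the same way; consider checking the file before the audit and reporting that case separately.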