xymon-ext-scripts

Check-in [83774b57b1]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Remove the ability to do the FORCEFETCH of vuxml, because that's pretty damn rude
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | master | trunk
Files: files | file ages | folders
SHA3-256:83774b57b1661ecd01eb5d407475cf9bd8284242604721d0696456199898f6e9
User & Date: feld@feld.me 2015-08-18 15:46:15
Context
2015-08-24
23:14
Fix documentation of where to activate these scripts check-in: 584526c1f6 user: feld@feld.me tags: master, trunk
2015-08-18
15:46
Remove the ability to do the FORCEFETCH of vuxml, because that's pretty damn rude check-in: 83774b57b1 user: feld@feld.me tags: master, trunk
2015-04-24
12:52
Add -r as default flag to pkg audit This will print dependencies of the vulnerable package check-in: 171b1305de user: feld@feld.me tags: master, trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to pkgaudit.sh.

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
..
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${PKGAUDIT_COLOR="yellow"};		# Set color when results are found
: ${PKGAUDIT_JAILS="NO"};		# Audit jails if they don't run their own xymon-client
					# This needs to be capitalized "YES" to enable
: ${PKGAUDIT_JAILGREP="poudriere"};	# Argument to egrep to remove jails with name patterns.
: ${PKGAUDIT_FORCEFETCH="NO"};		# Attempt to always fetch vuln.xml -- every 5 mins!
					# This needs to be capitalized "YES" to enable

# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
................................................................................
	exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If PKGAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && PKGAUDIT_FLAGS="${PKGAUDIT_FLAGS} -F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

# Run pkg audit and collect output for main host
pkg-static audit ${PKGAUDIT_FLAGS} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')







<
<







 







<
<
<







38
39
40
41
42
43
44


45
46
47
48
49
50
51
..
58
59
60
61
62
63
64



65
66
67
68
69
70
71
# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${PKGAUDIT_COLOR="yellow"};		# Set color when results are found
: ${PKGAUDIT_JAILS="NO"};		# Audit jails if they don't run their own xymon-client
					# This needs to be capitalized "YES" to enable
: ${PKGAUDIT_JAILGREP="poudriere"};	# Argument to egrep to remove jails with name patterns.



# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
................................................................................
	exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}




# Run pkg audit and collect output for main host
pkg-static audit ${PKGAUDIT_FLAGS} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')