xymon-ext-scripts

Check-in [868e890053]

Overview
Comment: It's safe to run -F every time as pkg audit does an HTTP if-modified-since check
SHA3-256: 868e89005308c49abdd49f0049517bf4e039d507f2b2f2aef6c0c50747e9f1c1
User & Date: feld@feld.me 2015-01-14 15:03:16
Context
2015-01-14
15:25
Add PKGAUDIT_FORCEFETCH option, don't force fetch by default We don't have to force a fetch every time because it is automatically updated every 24hr by the 410.pkg-audit periodic script. check-in: 7acf202fea user: feld@feld.me tags: master, trunk
15:03
It's safe to run -F every time as pkg audit does an HTTP if-modified-since check check-in: 868e890053 user: feld@feld.me tags: master, trunk
02:23
Add fancy status icon and standard-ish verbiage check-in: 86fe3a1d4f user: root@vm.feld.me tags: master, trunk
Changes

Changes to pkgaudit.sh.

47
48
49
50
51
52
53

54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
PKGAUDIT_FLAGS=""
TMPFILE="$(mktemp -t xymon-client-pkgaudit)"


if [ $? -ne 0 ]; then
	echo "$0: Can't create temp file, exiting..."
	exit 1
fi

# Check if the vuln.xml exists. If not, we'll force a fetch.
if [ ! -e /var/db/pkg/vuln.xml ]; then
    PKGAUDIT_FLAGS="-F"
fi

# If vuln.xml is older than 24h, we'll also force a fetch.
if [ "$(find /var/db/pkg/vuln.xml -mtime +24h)" != "" ]; then 
    PKGAUDIT_FLAGS="-F"; 
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# Run pkg audit and collect output for main host

pkg-static audit ${PKGAUDIT_FLAGS} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		echo "" >> ${TMPFILE}
		echo "##############################" >> ${TMPFILE}
		echo "" >> ${TMPFILE}
		echo "jail $(jexec ${i} hostname) pkg audit status" >> ${TMPFILE}
		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit -f /var/db/pkg/vuln.xml >> ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.







>






<
<
<
<
<
<
<
<
<
<




|
>
|









|







47
48
49
50
51
52
53
54
55
56
57
58
59
60










61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=pkgaudit
COLOR=green
PKGAUDIT_FLAGS=""
TMPFILE="$(mktemp -t xymon-client-pkgaudit)"
VULNXML="/usr/local/www/xymon/client/tmp/vuln.xml"

if [ $? -ne 0 ]; then
	echo "$0: Can't create temp file, exiting..."
	exit 1
fi











# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# Run pkg audit and collect output for main host. Use -F always here.
# Jail checks below don't need -F as it was done here.
pkg-static audit -F -f ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		echo "" >> ${TMPFILE}
		echo "##############################" >> ${TMPFILE}
		echo "" >> ${TMPFILE}
		echo "jail $(jexec ${i} hostname) pkg audit status" >> ${TMPFILE}
		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit -f ${VULNXML} >> ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.
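
Review bot: The `if [ $? -ne 0 ]` test no longer checks `mktemp`, because the new `VULNXML="/usr/local/www/xymon/client/tmp/vuln.xml"` line sits between the `TMPFILE="$(mktemp ...)"` assignment and the test. `$?` at that point is the status of the plain `VULNXML` assignment, which is always 0, so a failed `mktemp` is never caught and the script carries on with an empty `TMPFILE`. Move the `VULNXML` assignment below the `fi`, or test the command directly with `TMPFILE="$(mktemp -t xymon-client-pkgaudit)" || exit 1`. A smaller point on the same change: the host run is now the only place the database is fetched, and any non-zero exit from `pkg-static audit -F -f ${VULNXML}` lands in the same `|| export NONGREEN=1` branch as a real finding, so a failed fetch and a vulnerable package look the same in the status. Checking that `${VULNXML}` exists and is readable before the jail loop, and reporting that case separately, would keep the two apart; quoting `"${VULNXML}"` and `"${TMPFILE}"` while touching these lines is also worth doing.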