xymon-ext-scripts

Check-in [911a7c8e24]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Cleanup, don't call jexec because you can't as non-root.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | master | trunk
Files: files | file ages | folders
SHA3-256: 911a7c8e242388758bb33b4877b05a1efce428fff7acbd26dce53db1fc667832
User & Date: feld@feld.me 2016-08-16 00:01:47
Context
2016-08-16
00:05
Always check kernel version from uname, otherwise you can be fooled into believing you've booted into the updated kernel check-in: bbfdb16dd8 user: feld@feld.me tags: master, trunk
00:01
Cleanup, don't call jexec because you can't as non-root. check-in: 911a7c8e24 user: feld@feld.me tags: master, trunk
2016-08-15
23:47
Add support for jails check-in: d623a16ced user: feld@feld.me tags: master, trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to baseaudit.sh.

34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
..
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
...
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#        CMD $XYMONCLIENTHOME/ext/baseaudit.sh
#        LOGFILE $XYMONCLIENTLOGS/baseaudit.log
#        INTERVAL 5m
#
# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${BASEAUDIT_COLOR="yellow"};         # Set color when results are found
: ${BASEAUDIT_JAILS="NO"};             # Audit jails if they don't run their own xymon-client
                                       # This needs to be capitalized "YES" to enable
: ${BASEAUDIT_JAILGREP="poudriere"};   # Argument to egrep to remove jails with name patterns.
: ${BASEAUDIT_FORCEFETCH="NO"};        # Attempt to always fetch vuln.xml -- every 5 mins!
                                       # This needs to be capitalized "YES" to enable

# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=baseaudit
COLOR=green
................................................................................

if [ $? -ne 0 ]; then
    echo "$0: Can't create temp file, exiting..."
    exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If BASEAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${BASEAUDIT_FORCEFETCH} = "YES" ] && BASEAUDIT_FLAGS="${BASEAUDIT_FLAGS} -F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

if [ -e /bin/freebsd-version ] ; then
    export KERNELVER="$(freebsd-version -k)"
................................................................................
[ ${NOKERNELVER} ] && [ ${NOBASEVER} ] && [ ${BASEAUDIT_JAILS} = "NO" ] && exit 0

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${BASEAUDIT_JAILS} = "YES" ]; then
    for i in $(jls -N | sed '1d' | sort | egrep -v "${BASEAUDIT_JAILGREP}" | awk '{print $1}'); do
        JAILROOT=$(jls -j ${i} -h path | sed '1d')
        if [ -e ${JAILROOT}/bin/freebsd-version ]; then
          BASEVER=$(jexec ${i} /bin/freebsd-version -u)
          # Check to make sure we're working with a RELEASE for the base
          case "${BASEVER}" in
            *PRERELEASE*)
              # Not a RELEASE, move to next jail
              continue 
              ;;
            *RELEASE*)







|
|
|
|
|
|







 







|







 







|







34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
..
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
...
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#        CMD $XYMONCLIENTHOME/ext/baseaudit.sh
#        LOGFILE $XYMONCLIENTLOGS/baseaudit.log
#        INTERVAL 5m
#
# Now restart the xymon client to start using it.

# These can be overridden in xymonclient.cfg
: ${BASEAUDIT_COLOR="yellow"}         # Set color when results are found
: ${BASEAUDIT_JAILS="NO"}             # Audit jails if they don't run their own xymon-client
                                      # This needs to be capitalized "YES" to enable
: ${BASEAUDIT_JAILGREP="poudriere"}   # Argument to egrep to remove jails with name patterns.
: ${BASEAUDIT_FORCEFETCH="NO"}        # Attempt to always fetch vuln.xml -- every 5 mins!
                                      # This needs to be capitalized "YES" to enable

# Xymon doesn't have /usr/local in PATH
PATH=${PATH}:/usr/local/bin:/usr/local/sbin

# Don't edit below unless you know what you're doing
COLUMN=baseaudit
COLOR=green
................................................................................

if [ $? -ne 0 ]; then
    echo "$0: Can't create temp file, exiting..."
    exit 1
fi

# Build the pkg-audit message header for main host
echo "$(hostname) base audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If BASEAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${BASEAUDIT_FORCEFETCH} = "YES" ] && BASEAUDIT_FLAGS="${BASEAUDIT_FLAGS} -F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

if [ -e /bin/freebsd-version ] ; then
    export KERNELVER="$(freebsd-version -k)"
................................................................................
[ ${NOKERNELVER} ] && [ ${NOBASEVER} ] && [ ${BASEAUDIT_JAILS} = "NO" ] && exit 0

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${BASEAUDIT_JAILS} = "YES" ]; then
    for i in $(jls -N | sed '1d' | sort | egrep -v "${BASEAUDIT_JAILGREP}" | awk '{print $1}'); do
        JAILROOT=$(jls -j ${i} -h path | sed '1d')
        if [ -e ${JAILROOT}/bin/freebsd-version ]; then
          BASEVER=$(${JAILROOT}/bin/freebsd-version -u)
          # Check to make sure we're working with a RELEASE for the base
          case "${BASEVER}" in
            *PRERELEASE*)
              # Not a RELEASE, move to next jail
              continue 
              ;;
            *RELEASE*)