Skip to content

Instantly share code, notes, and snippets.

@aomoriringo

aomoriringo/README.md

Last active Jul 25, 2016
Embed
What would you like to do?
vuls scan&zabbixにsend

config.tomlでサーバ名をZabbix上の名前と一致させておくこと zabbix上で以下のitemを作成しておく

  • number of vulnerabilities

    • Type: Zabbix Trapper
    • Key: nvd_count
    • Type of information: Numeric (unsigned)
    • Data type: Decimal
  • max vulnerability

    • Type: Zabbix Trapper
    • Key: nvd_max
    • Type of information: Numeric (unsigned)
    • Data type: Decimal

この状態でbenri.shをcronで毎日実行とかさせるようにする

#/bin/bash
VULS_ROOT="/root/vuls"
VULS_RESULT_DIR="$VULS_ROOT/results"
vuls scan -cve-dictionary-dbpath=$VULS_ROOT/cve.sqlite3 -report-json
files="$VULS_RESULT_DIR/current/*"
for filepath in $files; do
TARGET_NAME=`basename $filepath .json`
if [ "$TARGET_NAME" == "all" ]
then
continue
fi
zabbix_sender -z localhost -s $TARGET_NAME -k nvd_count -o `cat $filepath | jq '[.KnownCves[]?, .UnknownCves[]? | .CveDetail.CveID] | length'`
zabbix_sender -z localhost -s $TARGET_NAME -k nvd_max -o `cat $filepath | jq '[.KnownCves[]?, .UnknownCves[]? | .CveDetail.Nvd.Score]+[0] | max'`
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment