@dlangille
Last active August 29, 2015 14:13
A simple script which retrieves via SNMP (net-snmp) the list of installed packages on a FreeBSD system and checks for known vulnerabilities with pkg audit. Based upon https://www.cotds.org/~clement/FreeBSD/nagios/check_snmp_pkgvuln
#! /bin/sh
#
# Author: Clement Laforet <clement@FreeBSD.org>
#
# Converted to pkg audit by Dan Langille <dan@langille.org>
#
# This script is under beerware licence from Poul-Henning Kamp
# <phk@FreeBSD.org>.
#
# ----------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
# <clement@FreeBSD.ORG> wrote this file. As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return. Clement Laforet
# ----------------------------------------------------------------------------
#
# Changelog:
# - 20050715: v0.01 initial version.
#
#
HOME="/var/spool/nagios"
SED="/usr/bin/sed"
SNMPWALK="/usr/local/bin/snmpwalk"
PKGAUDIT="/usr/sbin/pkg audit -q"
TMPDIR="/tmp"
MKTEMP="/usr/bin/mktemp"
PROGNAME=`/usr/bin/basename "$0"`
PROGPATH=`/usr/bin/dirname "$0"`

# utils.sh (Nagios plugins) defines ECHO and the STATE_* exit codes,
# so it must be sourced before anything that uses them.
. "$PROGPATH/utils.sh"

TMPFILE=`${MKTEMP} "${TMPDIR}/${PROGNAME}.XXXXX"` || {
    ${ECHO} "failed to create tmp file"
    exit ${STATE_UNKNOWN}
}

SNMP_COMMUNITY="public"
SNMP_VERSION="1"
ERROR_RETCODE=${STATE_CRITICAL}

usage() {
    ${ECHO} "Usage: $PROGNAME -H <hostname> [-c <community>] [-v <snmp version>] [-E <error code>]\n"
    ${ECHO} "default community is \"public\"\n"
    ${ECHO} "default version is 1\n"
    ${ECHO} "default error code is 2 [critical]\n"
}

# Remove the temporary file, then exit with the given Nagios state.
exit_clean() {
    rm -f "${TMPFILE}"
    exit ${1}
}

if [ ${#} -lt 1 ]; then
    usage
    exit_clean ${STATE_UNKNOWN}
fi

while getopts "H:c:v:E:h" option
do
    case $option in
        H)
            HOSTNAME=${OPTARG}
            ;;
        h)
            usage
            exit_clean ${STATE_OK}
            ;;
        c)
            SNMP_COMMUNITY=${OPTARG}
            ;;
        v)
            SNMP_VERSION=${OPTARG}
            ;;
        E)
            ERROR_RETCODE=${OPTARG}
            ;;
        *)
            echo "Unknown argument: $1"
            usage
            exit_clean ${STATE_UNKNOWN}
            ;;
    esac
done
shift $(($OPTIND - 1))

if [ "x${HOSTNAME}" = "x" ]; then
    ${ECHO} "you need a hostname"
    exit_clean ${STATE_UNKNOWN}
fi

# Quote the user-supplied values so they cannot be split into extra arguments.
${SNMPWALK} -v "${SNMP_VERSION}" -c "${SNMP_COMMUNITY}" "${HOSTNAME}" \
    HOST-RESOURCES-MIB::hrSWInstalledName > "${TMPFILE}" || {
    exit_clean ${STATE_UNKNOWN}
}

# Keep only the quoted package name from each snmpwalk line.
PKGS=`${SED} -e 's/.*"\(.*\)"$/\1/' "${TMPFILE}"`

# PKGS is left unquoted on purpose: each name becomes its own argument.
# The names come from the remote SNMP agent and are not validated here.
RESULT=`${PKGAUDIT} ${PKGS}`
if [ "$?" -ne "0" ]
then
    # pkg audit -q prints one vulnerable package per line; the unquoted
    # echo joins them with spaces, so packages = spaces + 1.
    SPACES=`echo $RESULT | tr -cd ' ' | wc -c`
    PKGCOUNT=$((SPACES + 1))
    echo ${PKGCOUNT} vulnerable packages: ${RESULT}
    exit_clean ${ERROR_RETCODE}
else
    echo ${RESULT}
    exit_clean ${STATE_OK}
fi
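
The script hands whatever names the remote SNMP agent reports to `pkg audit` as unquoted arguments. The following is an added example, not part of the original gist: a filter that keeps only well-formed name-version strings before they reach a command line. The function names, the sample snmpwalk lines and the accepted character set are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original script.
# Constructed sample of `snmpwalk ... hrSWInstalledName` output.
SAMPLE='HOST-RESOURCES-MIB::hrSWInstalledName.1 = STRING: "apache24-2.4.10_2"
HOST-RESOURCES-MIB::hrSWInstalledName.2 = STRING: "bash-4.3.30_1"
HOST-RESOURCES-MIB::hrSWInstalledName.3 = STRING: "--leading-dash-1.0"
HOST-RESOURCES-MIB::hrSWInstalledName.4 = STRING: "*"
HOST-RESOURCES-MIB::hrSWInstalledName.5 = STRING: "two words-1.0"
HOST-RESOURCES-MIB::hrSWInstalledName.6 = STRING: "png-1.6.16,1"
Timeout: No Response from example-host'

# Print the quoted value of every STRING line; other lines are dropped.
raw_names() {
    sed -n 's/^.* = STRING: "\(.*\)"$/\1/p'
}

# Succeed only for names that are safe to pass as a separate argument.
# The accepted character set is an assumption based on typical
# FreeBSD name-version strings (letters, digits, . _ + , -).
valid_name() {
    case "$1" in
        ''|-*)               return 1 ;;  # empty, or would parse as an option
        *[!A-Za-z0-9_.+,-]*) return 1 ;;  # whitespace, globs, quotes, ...
        *-[0-9]*)            return 0 ;;  # has a -<version> suffix
        *)                   return 1 ;;
    esac
}

# stdin: snmpwalk output; stdout: accepted names, one per line.
extract_pkg_names() {
    raw_names | while IFS= read -r name; do
        if valid_name "$name"; then printf '%s\n' "$name"; fi
    done
}

# stdin: snmpwalk output; stdout: number of STRING values rejected.
count_rejected() {
    raw_names | while IFS= read -r name; do
        valid_name "$name" || printf 'x\n'
    done | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | extract_pkg_names
echo "rejected: $(printf '%s\n' "$SAMPLE" | count_rejected)"
```

A non-zero rejected count is worth surfacing in the plugin output, since it means the agent returned names the check did not audit.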