Last active
August 29, 2015 14:13
A simple script which retrieves via SNMP (net-snmp) the list of installed packages on a FreeBSD system and checks for known vulnerabilities with pkg audit. Based upon https://www.cotds.org/~clement/FreeBSD/nagios/check_snmp_pkgvuln
#! /bin/sh
#
# Author: Clement Laforet <clement@FreeBSD.org>
#
# Converted to pkg audit by Dan Langille <dan@langille.org>
#
# This script is under beerware licence from Poul-Henning Kamp
# <phk@FreeBSD.org>.
#
# ----------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
# <clement@FreeBSD.ORG> wrote this file. As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return. Clement Laforet
# ----------------------------------------------------------------------------
#
# Changelog:
# - 20050715: v0.01 initial version.
#
#
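# ---------------------------------------------------------------------------
# Plugin configuration and start-up.
#
# Sets the tool paths, loads the helper file that sits next to this script,
# creates the temporary file that will hold the SNMP walk output, and sets the
# defaults that the command-line options may override.
# ---------------------------------------------------------------------------

# NOTE(review): HOME is overridden for everything this script runs;
# presumably so net-snmp finds its per-user files under the Nagios spool.
# Confirm against the deployment.
HOME="/var/spool/nagios"
SED="/usr/bin/sed"
SNMPWALK="/usr/local/bin/snmpwalk"
# Deliberately "command + arguments" in one string; it is expanded unquoted
# where it is run so that it splits into words.
PKGAUDIT="/usr/sbin/pkg audit -q"
TMPDIR="/tmp"
MKTEMP="/usr/bin/mktemp"
PROGNAME=$(/usr/bin/basename "$0")
PROGPATH=$(/usr/bin/dirname "$0")

# Load the helper file BEFORE anything that can fail. ECHO and the STATE_*
# values used below are not defined in this file (presumably utils.sh provides
# them); with the helper loaded later, a mktemp failure would run an empty
# command and call "exit" without a status.
. "$PROGPATH/utils.sh"

# mktemp creates the file itself, so the name is unpredictable and the file is
# never opened through a guessable path in the shared /tmp directory.
TMPFILE=$(${MKTEMP} "${TMPDIR}/${PROGNAME}.XXXXX") || {
  ${ECHO} "failed to create tmp file"
  exit "${STATE_UNKNOWN}"
}

# Remove the temporary file (the remote host's package inventory) on every
# exit path, including termination by a signal such as a plugin timeout.
trap 'rm -f -- "${TMPFILE}"' EXIT
trap 'exit "${STATE_UNKNOWN}"' HUP INT TERM

# Defaults, overridable with -c, -v and -E.
SNMP_COMMUNITY="public"
SNMP_VERSION="1"
ERROR_RETCODE=${STATE_CRITICAL}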
# Print the command-line synopsis and the built-in defaults.
# Globals:   ECHO (read), PROGNAME (read)
# Outputs:   four lines on stdout, written with ${ECHO}
usage() {
  # Positional parameters are local to the function call, so reusing them as a
  # list of lines leaves no extra variable behind.
  set -- \
    "Usage: $PROGNAME -H <hostname> [-c <community>] [-v <snmp version>] [-E <error code>]\n" \
    "default community is \"public\"\n" \
    "default version is 1\n" \
    "default error code is 2 [critical]\n"
  while [ "$#" -gt 0 ]; do
    ${ECHO} "$1"
    shift
  done
}
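# Remove the temporary file and leave with the given plugin state.
# Globals:   TMPFILE (read), STATE_UNKNOWN (read, optional)
# Arguments: $1 - exit status to report to the monitoring system
# Returns:   does not return; exits the shell
exit_clean() {
  # Quote the path and end option parsing so that a path containing spaces or
  # a leading dash removes exactly one file and nothing else.
  if [ -n "${TMPFILE}" ]; then
    rm -f -- "${TMPFILE}"
  fi
  # Fail closed: with an empty or missing status a bare "exit" would return the
  # status of rm (0), which the monitoring system reads as OK. Fall back to
  # STATE_UNKNOWN, or to 3 (the conventional Nagios UNKNOWN value) if unset.
  exit "${1:-${STATE_UNKNOWN:-3}}"
}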
# Called without any argument: show the synopsis and report UNKNOWN.
[ "$#" -ge 1 ] || {
  usage
  exit_clean ${STATE_UNKNOWN}
}
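# Parse the command line.
#   -H host       target to query (required)
#   -c community  SNMP community string
#   -v version    SNMP version handed to snmpwalk
#   -E code       exit status used when vulnerable packages are found
#   -h            print usage and exit OK
#
# Start from an empty target so that a HOSTNAME variable inherited from the
# environment can never stand in for a missing -H.
HOSTNAME=""

# The leading ':' selects silent mode: getopts then reports a bad option
# through OPTARG instead of printing its own message, so the text below can
# name the offending option rather than the first positional argument.
while getopts ":H:c:v:E:h" option
do
  case "${option}" in
    H)
      HOSTNAME=${OPTARG}
      ;;
    h)
      usage
      exit_clean "${STATE_OK}"
      ;;
    c)
      SNMP_COMMUNITY=${OPTARG}
      ;;
    v)
      SNMP_VERSION=${OPTARG}
      ;;
    E)
      # The value ends up as the argument of "exit"; anything that is not a
      # plain number would make the shell fail instead of reporting a state.
      case "${OPTARG}" in
        '' | *[!0-9]*)
          echo "Invalid error code: ${OPTARG}"
          usage
          exit_clean "${STATE_UNKNOWN}"
          ;;
      esac
      ERROR_RETCODE=${OPTARG}
      ;;
    :)
      echo "Option -${OPTARG} requires an argument"
      usage
      exit_clean "${STATE_UNKNOWN}"
      ;;
    *)
      echo "Unknown argument: -${OPTARG}"
      usage
      exit_clean "${STATE_UNKNOWN}"
      ;;
  esac
done
shift $((OPTIND - 1))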
# A target host is mandatory; without one report UNKNOWN.
[ -n "${HOSTNAME}" ] || {
  ${ECHO} "you need a hostname"
  exit_clean ${STATE_UNKNOWN}
}
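# ---------------------------------------------------------------------------
# Fetch the installed-package list over SNMP and audit it locally.
#
# Trust notes for whoever deploys this check:
#  - Everything read from the agent is untrusted input. The package names are
#    handed to pkg audit as arguments, so they are protected against globbing
#    and against being parsed as options.
#  - With SNMP v1/v2c the community string and the reply travel unprotected,
#    so the reported package list is only as trustworthy as the network path.
#  - The community string is passed on the command line and is therefore
#    visible in the process list of the monitoring host while snmpwalk runs.
# ---------------------------------------------------------------------------

# A target beginning with '-' would be read by snmpwalk as an option.
case "${HOSTNAME}" in
  -*)
    ${ECHO} "invalid hostname: ${HOSTNAME}"
    exit_clean "${STATE_UNKNOWN}"
    ;;
esac

"${SNMPWALK}" -v "${SNMP_VERSION}" -c "${SNMP_COMMUNITY}" "${HOSTNAME}" \
  HOST-RESOURCES-MIB::hrSWInstalledName > "${TMPFILE}" || {
  exit_clean "${STATE_UNKNOWN}"
}

# Keep only the quoted value of each returned line. -n with the 'p' flag drops
# lines that carry no quoted string (agent error text, for example) instead of
# passing them on word by word as if they were package names.
PKGS=$("${SED}" -n -e 's/.*"\(.*\)"$/\1/p' "${TMPFILE}")

# Without any name, "pkg audit" would audit the packages of the monitoring
# host itself and the result would be reported for the remote host.
if [ -z "${PKGS}" ]; then
  ${ECHO} "no package names returned by ${HOSTNAME}"
  exit_clean "${STATE_UNKNOWN}"
fi

# PKGAUDIT and PKGS are split into words on purpose (command plus one argument
# per package). Globbing is switched off so that a name containing '*' or '?'
# is not expanded against local files, and '--' stops a name that starts with
# '-' from being taken as an option.
set -f
RESULT=$(${PKGAUDIT} -- ${PKGS})
AUDIT_STATUS=$?
# Reuse the positional parameters to count and join the reported names.
set -- ${RESULT}
set +f

if [ "${AUDIT_STATUS}" -ne 0 ]; then
  # A failure with no package name on stdout is an audit error, not a finding;
  # counting separators would have reported "1 vulnerable packages".
  if [ "$#" -eq 0 ]; then
    ${ECHO} "pkg audit failed with status ${AUDIT_STATUS}"
    exit_clean "${STATE_UNKNOWN}"
  fi
  printf '%s\n' "$# vulnerable packages: $*"
  exit_clean "${ERROR_RETCODE}"
else
  printf '%s\n' "$*"
  exit_clean "${STATE_OK}"
fi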