NRPE mode

1 files changed, 28 insertions, 0 deletions

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 71e740b..b707f46 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -35,6 +35,7 @@ show_usage()
 		--no-color			Don't use color codes
 		-v, --verbose			Increase verbosity level
 		--batch				Produce machine readable output
+		--nrpe				Produce output formatted for NRPE monitoring
 
 	IMPORTANT:
 	A false sense of security is worse than no security at all.
@@ -76,7 +77,11 @@ opt_live_explicit=0
 opt_live=1
 opt_no_color=0
 opt_batch=0
+opt_nrpe=0
 opt_verbose=1
+nrpe_critical=0
+nrpe_unknown=0
+nrpe_vuln=""
 
 __echo()
 {
@@ -236,6 +241,11 @@ while [ -n "$1" ]; do
 		opt_batch=1
 		opt_verbose=0
 		shift
+	elif [ "$1" = "--nrpe" ]; then
+		opt_nrpe=1
+		opt_batch=0
+		opt_verbose=0
+		shift
 	elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
 		opt_verbose=$(expr $opt_verbose + 1)
 		shift
@@ -281,6 +291,13 @@ pstatus()
 pvulnstatus()
 {
 	[ "$opt_batch" = 1 ] && _echo 0 "$1: $2 ($3)"
+	if [ "$opt_nrpe" = 1 ]; then
+		case "$2" in
+			UKN) nrpe_unknown="1";;
+			VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
+		esac
+	fi
+
 	_info_nol "> \033[46m\033[30mSTATUS:\033[0m "
 	vulnstatus="$2"
 	shift 2
@@ -728,3 +745,14 @@ _info
 _info "A false sense of security is worse than no security at all, see --disclaimer"
 
 [ -n "$dumped_config" ] && rm -f "$dumped_config"
+
+if [ "$opt_nrpe" = 1 ]; then
+	if [ ! -z "$nrpe_vuln" ]; then
+		echo "Vulnerable:$nrpe_vuln"
+	else
+		echo "OK"
+	fi
+	[ "$nrpe_critical" = 1 ] && exit 2  # critical
+	[ "$nrpe_unknown" = 1 ] && exit 3  # unknown
+	exit 0  # ok
+fi