diff options
| author | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-10 15:11:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-01-10 15:11:45 +0100 |
| commit | 5389ac6844df34a0b5cc4503f28205fd6c34a6e6 (patch) | |
| tree | 387407791ef2f864c90e8a8ff0586a028da3fc86 | |
| parent | 36fb83215a8909fbf6cb21a205a6ccfa0312e0c2 (diff) | |
| parent | 59fe8c2ad88208d1aa5fb74a5a0869a8d0fa117f (diff) | |
| download | spectre-meltdown-checker-5389ac6844df34a0b5cc4503f28205fd6c34a6e6.tar.lz spectre-meltdown-checker-5389ac6844df34a0b5cc4503f28205fd6c34a6e6.tar.xz spectre-meltdown-checker-5389ac6844df34a0b5cc4503f28205fd6c34a6e6.zip | |
Merge pull request #41 from bang-communications/master
NRPE mode
| -rwxr-xr-x | spectre-meltdown-checker.sh | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 71e740b..c0a5eba 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -35,6 +35,7 @@ show_usage() --no-color Don't use color codes -v, --verbose Increase verbosity level --batch Produce machine readable output + --batch nrpe Produce machine readable output formatted for NRPE IMPORTANT: A false sense of security is worse than no security at all. @@ -76,8 +77,13 @@ opt_live_explicit=0 opt_live=1 opt_no_color=0 opt_batch=0 +opt_batch_format="text" opt_verbose=1 +nrpe_critical=0 +nrpe_unknown=0 +nrpe_vuln="" + __echo() { opt="$1" @@ -236,6 +242,16 @@ while [ -n "$1" ]; do opt_batch=1 opt_verbose=0 shift + case "$1" in + text|nrpe) opt_batch_format="$1"; shift;; + --*) ;; # allow subsequent flags + '') ;; # allow nothing at all + *) + echo "$0: error: unknown batch format '$1'" + echo "$0: error: --batch expects a format from: text, nrpe" + exit 1 >&2 + ;; + esac elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then opt_verbose=$(expr $opt_verbose + 1) shift @@ -280,7 +296,18 @@ pstatus() # Arguments are: CVE UNK/OK/VULN description pvulnstatus() { - [ "$opt_batch" = 1 ] && _echo 0 "$1: $2 ($3)" + if [ "$opt_batch" = 1 ]; then + case "$opt_batch_format" in + text) _echo 0 "$1: $2 ($3)";; + nrpe) + case "$2" in + UKN) nrpe_unknown="1";; + VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";; + esac + ;; + esac + fi + _info_nol "> \033[46m\033[30mSTATUS:\033[0m " vulnstatus="$2" shift 2 @@ -728,3 +755,14 @@ _info _info "A false sense of security is worse than no security at all, see --disclaimer" [ -n "$dumped_config" ] && rm -f "$dumped_config" + +if [ "$opt_batch" = 1 -a "$opt_batch_format" = "nrpe" ]; then + if [ ! -z "$nrpe_vuln" ]; then + echo "Vulnerable:$nrpe_vuln" + else + echo "OK" + fi + [ "$nrpe_critical" = 1 ] && exit 2 # critical + [ "$nrpe_unknown" = 1 ] && exit 3 # unknown + exit 0 # ok +fi |