Skip to content
Snippets Groups Projects
Commit b7e74e9a authored by Sven Mäder's avatar Sven Mäder :speech_balloon:
Browse files

Add regex exclude arguments

parent 1bdd4c82
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bin/xymon-vulnerabilities.py
+ 23
4
View file @ b7e74e9a
...@@ -2,6 +2,9 @@ ...@@ -2,6 +2,9 @@
import os import os
import sys import sys
import re
import argparse
import traceback
from pathlib import Path from pathlib import Path
try: try:
...@@ -13,9 +16,10 @@ finally: ...@@ -13,9 +16,10 @@ finally:
import pyxymon as pymon import pyxymon as pymon
CHECK_NAME = 'vuln' CHECK_NAME = 'vuln'
CHECK_VERSION = 1 CHECK_VERSION = 2
LIFETIME = 30 LIFETIME = 30
rgx = {}
cpu_vulnerabilities_base = '/sys/devices/system/cpu/vulnerabilities/' cpu_vulnerabilities_base = '/sys/devices/system/cpu/vulnerabilities/'
cpu_vulnerabilities = ['l1tf','mds','meltdown','spec_store_bypass','spectre_v1','spectre_v2'] cpu_vulnerabilities = ['l1tf','mds','meltdown','spec_store_bypass','spectre_v1','spectre_v2']
...@@ -27,7 +31,7 @@ def red(xymon): ...@@ -27,7 +31,7 @@ def red(xymon):
xymon.color = pymon.STATUS_CRITICAL xymon.color = pymon.STATUS_CRITICAL
def run_check(xymon): def run_check(xymon, args):
title = 'CPU' title = 'CPU'
content = [] content = []
...@@ -41,7 +45,10 @@ def run_check(xymon): ...@@ -41,7 +45,10 @@ def run_check(xymon):
if lines.startswith('Vulnerable'): if lines.startswith('Vulnerable'):
icon = '&red' icon = '&red'
red(xymon) if vuln in rgx and rgx[vuln].match(lines):
lines += ''.join([' (ignore: "', args[vuln], '")'])
else:
red(xymon)
else: else:
lines = 'Kernel needs update and host reboot' lines = 'Kernel needs update and host reboot'
icon = '&yellow' icon = '&yellow'
...@@ -53,6 +60,17 @@ def run_check(xymon): ...@@ -53,6 +60,17 @@ def run_check(xymon):
def main(): def main():
parser = argparse.ArgumentParser()
for name in cpu_vulnerabilities:
parser.add_argument(''.join(['--', name]), dest=name, type=str,
help=' '.join([name, 'vulnerable but green if regex matches']))
args = vars(parser.parse_args())
for key, value in args.items():
if args[key]:
print(key, value)
rgx[key] = re.compile(value)
"""Run xymon check""" """Run xymon check"""
xymon = pymon.XymonClient(CHECK_NAME) xymon = pymon.XymonClient(CHECK_NAME)
check_script = os.path.basename(__file__) check_script = os.path.basename(__file__)
...@@ -61,10 +79,11 @@ def main(): ...@@ -61,10 +79,11 @@ def main():
xymon.title('Vulnerabilities') xymon.title('Vulnerabilities')
try: try:
run_check(xymon) run_check(xymon, args)
except Exception as e: except Exception as e:
xymon.color = pymon.STATUS_WARNING xymon.color = pymon.STATUS_WARNING
xymon.section('Exception', e) xymon.section('Exception', e)
traceback.print_exc()
xymon.footer(check_script, CHECK_VERSION) xymon.footer(check_script, CHECK_VERSION)
xymon.send() xymon.send()
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment