Add xymon vulnerability check

e71c4832 · Sven Mäder · 6e7a6033 · e71c4832
Commit e71c4832 authored 5 years ago by Sven Mäder
--- a/bin/xymon-vulnerabilities.py
+++ b/bin/xymon-vulnerabilities.py
+#!/usr/bin/env python3
+
+import os
+import sys
+from pathlib import Path
+import lib_path
+import lib
+import pyxymon as pymon
+
+CHECK_NAME = 'vulnerabilities'
+CHECK_VERSION = 1
+LIFETIME = 30
+
+cpu_vulnerabilities_base = '/sys/devices/system/cpu/vulnerabilities/'
+cpu_vulnerabilities = ['l1tf','mds','meltdown','spec_store_bypass','spectre_v1','spectre_v2']
+
+def yellow(xymon):
+    if xymon.color != pymon.STATUS_CRITICAL:
+        xymon.color = pymon.STATUS_WARNING
+
+def red(xymon):
+    xymon.color = pymon.STATUS_CRITICAL
+
+
+def run_check(xymon):
+    for vuln in cpu_vulnerabilities:
+        title = ''.join([vuln, ': '])
+        vuln_file = Path(''.join([cpu_vulnerabilities_base, vuln]))
+        if vuln_file.is_file():
+            with open(vuln_file) as f:
+                content = '<br/>'.join(f.readlines())
+            if content.startswith('Vulnerable'):
+                title += 'Vulnerable'
+                red(xymon)
+            else:
+                title += content.split(':')[0]
+        else:
+            title += 'Potentially Vulnerable'
+            content = 'Kernel needs update and host reboot'
+            yellow(xymon)
+        xymon.section(title, content)
+
+
+def main():
+    """Run xymon check"""
+    xymon = pymon.XymonClient(CHECK_NAME)
+    check_script = os.path.basename(__file__)
+    # The default criticity is set to 'pymon.STATUS_OK'
+    xymon.lifetime = LIFETIME
+    xymon.title('Vulnerabilities')
+
+    try:
+        run_check(xymon)
+    except Exception as e:
+        xymon.color = pymon.STATUS_WARNING
+        xymon.section('Exception', e)
+
+    xymon.footer(check_script, CHECK_VERSION)
+    xymon.send()
+
+
+if __name__ == '__main__':
+    main()
+    sys.exit(0)