From e71c48328aae149691dc38bc3b89994b39fc820e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sven=20M=C3=A4der?= <maeder@phys.ethz.ch>
Date: Wed, 15 May 2019 14:26:49 +0200
Subject: [PATCH] Add xymon vulnerability check

---
 bin/xymon-vulnerabilities.py | 64 ++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100755 bin/xymon-vulnerabilities.py

diff --git a/bin/xymon-vulnerabilities.py b/bin/xymon-vulnerabilities.py
new file mode 100755
index 0000000..18e92c8
--- /dev/null
+++ b/bin/xymon-vulnerabilities.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+from pathlib import Path
+import lib_path
+import lib
+import pyxymon as pymon
+
+CHECK_NAME = 'vulnerabilities'
+CHECK_VERSION = 1
+LIFETIME = 30
+
+cpu_vulnerabilities_base = '/sys/devices/system/cpu/vulnerabilities/'
+cpu_vulnerabilities = ['l1tf','mds','meltdown','spec_store_bypass','spectre_v1','spectre_v2']
+
+def yellow(xymon):
+    if xymon.color != pymon.STATUS_CRITICAL:
+        xymon.color = pymon.STATUS_WARNING
+
+def red(xymon):
+    xymon.color = pymon.STATUS_CRITICAL
+
+
+def run_check(xymon):
+    for vuln in cpu_vulnerabilities:
+        title = ''.join([vuln, ': '])
+        vuln_file = Path(''.join([cpu_vulnerabilities_base, vuln]))
+        if vuln_file.is_file():
+            with open(vuln_file) as f:
+                content = '<br/>'.join(f.readlines())
+            if content.startswith('Vulnerable'):
+                title += 'Vulnerable'
+                red(xymon)
+            else:
+                title += content.split(':')[0]
+        else:
+            title += 'Potentially Vulnerable'
+            content = 'Kernel needs update and host reboot'
+            yellow(xymon)
+        xymon.section(title, content)
+
+
+def main():
+    """Run xymon check"""
+    xymon = pymon.XymonClient(CHECK_NAME)
+    check_script = os.path.basename(__file__)
+    # The default criticity is set to 'pymon.STATUS_OK'
+    xymon.lifetime = LIFETIME
+    xymon.title('Vulnerabilities')
+
+    try:
+        run_check(xymon)
+    except Exception as e:
+        xymon.color = pymon.STATUS_WARNING
+        xymon.section('Exception', e)
+
+    xymon.footer(check_script, CHECK_VERSION)
+    xymon.send()
+
+
+if __name__ == '__main__':
+    main()
+    sys.exit(0)
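Review bot: In `run_check`, only content that begins with `Vulnerable` turns the check red, so a partially mitigated state is reported as OK: the kernel can report values such as `Mitigation: ...; SMT vulnerable` for `l1tf` and `mds`, and these fall into the `else` branch with the colour unchanged. An `elif 'vulnerable' in content.lower():` branch placed before the `else`, calling `yellow(xymon)` and building the title the same way the `else` branch does, would surface them as a warning. In `main`, the `except` handler assigns `xymon.color = pymon.STATUS_WARNING` directly, which downgrades a CRITICAL already set by an earlier loop iteration; calling `yellow(xymon)` there keeps the worse status. The fixed `cpu_vulnerabilities` list also means that entries the kernel later adds under `cpu_vulnerabilities_base` are never checked, so iterating over the directory contents would be more durable.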
-- 
GitLab