From 381038ecebb6ad4da5adad6f64ca33492733df20 Mon Sep 17 00:00:00 2001 From: Marcus Downing Date: Wed, 10 Jan 2018 11:18:45 +0000 Subject: [PATCH] NRPE mode --- spectre-meltdown-checker.sh | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 71e740b..b707f46 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -35,6 +35,7 @@ show_usage() --no-color Don't use color codes -v, --verbose Increase verbosity level --batch Produce machine readable output + --nrpe Produce output formatted for NRPE monitoring IMPORTANT: A false sense of security is worse than no security at all. @@ -76,7 +77,11 @@ opt_live_explicit=0 opt_live=1 opt_no_color=0 opt_batch=0 +opt_nrpe=0 opt_verbose=1 +nrpe_critical=0 +nrpe_unknown=0 +nrpe_vuln="" __echo() { @@ -236,6 +241,11 @@ while [ -n "$1" ]; do opt_batch=1 opt_verbose=0 shift + elif [ "$1" = "--nrpe" ]; then + opt_nrpe=1 + opt_batch=0 + opt_verbose=0 + shift elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then opt_verbose=$(expr $opt_verbose + 1) shift @@ -281,6 +291,13 @@ pstatus() pvulnstatus() { [ "$opt_batch" = 1 ] && _echo 0 "$1: $2 ($3)" + if [ "$opt_nrpe" = 1 ]; then + case "$2" in + UKN) nrpe_unknown="1";; + VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";; + esac + fi + _info_nol "> \033[46m\033[30mSTATUS:\033[0m " vulnstatus="$2" shift 2 @@ -728,3 +745,14 @@ _info _info "A false sense of security is worse than no security at all, see --disclaimer" [ -n "$dumped_config" ] && rm -f "$dumped_config" + +if [ "$opt_nrpe" = 1 ]; then + if [ ! -z "$nrpe_vuln" ]; then + echo "Vulnerable:$nrpe_vuln" + else + echo "OK" + fi + [ "$nrpe_critical" = 1 ] && exit 2 # critical + [ "$nrpe_unknown" = 1 ] && exit 3 # unknown + exit 0 # ok +fi