From 381038ecebb6ad4da5adad6f64ca33492733df20 Mon Sep 17 00:00:00 2001
From: Marcus Downing
Date: Wed, 10 Jan 2018 11:18:45 +0000
Subject: [PATCH 1/4] NRPE mode
---
 spectre-meltdown-checker.sh | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 71e740b..b707f46 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -35,6 +35,7 @@ show_usage()
 --no-color Don't use color codes
 -v, --verbose Increase verbosity level
 --batch Produce machine readable output
+ --nrpe Produce output formatted for NRPE monitoring
 IMPORTANT:
 A false sense of security is worse than no security at all.
@@ -76,7 +77,11 @@ opt_live_explicit=0
 opt_live=1
 opt_no_color=0
 opt_batch=0
+opt_nrpe=0
 opt_verbose=1
+nrpe_critical=0
+nrpe_unknown=0
+nrpe_vuln=""
 __echo()
 {
@@ -236,6 +241,11 @@ while [ -n "$1" ]; do
 opt_batch=1
 opt_verbose=0
 shift
+ elif [ "$1" = "--nrpe" ]; then
+ opt_nrpe=1
+ opt_batch=0
+ opt_verbose=0
+ shift
 elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
 opt_verbose=$(expr $opt_verbose + 1)
 shift
@@ -281,6 +291,13 @@ pstatus()
 pvulnstatus()
 {
 [ "$opt_batch" = 1 ] && _echo 0 "$1: $2 ($3)"
+ if [ "$opt_nrpe" = 1 ]; then
+ case "$2" in
+ UKN) nrpe_unknown="1";;
+ VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
+ esac
+ fi
+
 _info_nol "> \033[46m\033[30mSTATUS:\033[0m "
 vulnstatus="$2"
 shift 2
@@ -728,3 +745,14 @@ _info
 _info "A false sense of security is worse than no security at all, see --disclaimer"
 [ -n "$dumped_config" ] && rm -f "$dumped_config"
+
+if [ "$opt_nrpe" = 1 ]; then
+ if [ ! -z "$nrpe_vuln" ]; then
+ echo "Vulnerable:$nrpe_vuln"
+ else
+ echo "OK"
+ fi
+ [ "$nrpe_critical" = 1 ] && exit 2 # critical
+ [ "$nrpe_unknown" = 1 ] && exit 3 # unknown
+ exit 0 # ok
+fi
From 7c5cfbb8c3cb6ecf57171b835bd8f27ee9376911 Mon Sep 17 00:00:00 2001
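Review bot: The `UKN)` arm in the new `case "$2"` inside pvulnstatus looks like a typo for `UNK`; the comment above pvulnstatus that is visible in patch 2/4 documents the status argument as `UNK/OK/VULN`. If callers do pass `UNK`, `nrpe_unknown` is never set, so a run in which no check reports VULN but some could not be determined ends in `echo "OK"` and `exit 0`, and the monitor shows green for a host that was not fully assessed. The arm should read `UNK) nrpe_unknown="1";;`. The same line is carried unchanged into the nested case that patch 2/4 adds to pvulnstatus, and the body of pvulnstatus continues outside the hunk.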
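Review bot: The status line printed by the final NRPE block does not always match the exit code: when `nrpe_vuln` is empty but `nrpe_unknown` is 1, it prints `OK` and then exits 3. Monitoring front ends and notifications typically show the first line of plugin output, so an operator can read "OK" next to an UNKNOWN state. Deciding the state first and printing a matching line, for example `echo "UNKNOWN: one or more checks could not be determined"` before `exit 3`, keeps the two consistent. This block also runs only if the script reaches its last lines; whether earlier `exit` calls elsewhere in the script (not visible in this hunk) bypass the NRPE exit codes is worth confirming.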
From: Marcus Downing
Date: Wed, 10 Jan 2018 11:57:45 +0000
Subject: [PATCH 2/4] batch nrpe
---
 spectre-meltdown-checker.sh | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index b707f46..4b314b0 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -35,7 +35,7 @@ show_usage()
 --no-color Don't use color codes
 -v, --verbose Increase verbosity level
 --batch Produce machine readable output
- --nrpe Produce output formatted for NRPE monitoring
+ --batch nrpe Produce machine readable output formatted for NRPE
 IMPORTANT:
 A false sense of security is worse than no security at all.
@@ -77,8 +77,9 @@ opt_live_explicit=0
 opt_live=1
 opt_no_color=0
 opt_batch=0
-opt_nrpe=0
+opt_batch_format="text"
 opt_verbose=1
+
 nrpe_critical=0
 nrpe_unknown=0
 nrpe_vuln=""
@@ -241,11 +242,9 @@ while [ -n "$1" ]; do
 opt_batch=1
 opt_verbose=0
 shift
- elif [ "$1" = "--nrpe" ]; then
- opt_nrpe=1
- opt_batch=0
- opt_verbose=0
- shift
+ case "$1" in
+ text|nrpe) opt_batch_format="$1"; shift;;
+ esac
 elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
 opt_verbose=$(expr $opt_verbose + 1)
 shift
@@ -290,11 +289,15 @@ pstatus()
 # Arguments are: CVE UNK/OK/VULN description
 pvulnstatus()
 {
- [ "$opt_batch" = 1 ] && _echo 0 "$1: $2 ($3)"
- if [ "$opt_nrpe" = 1 ]; then
- case "$2" in
- UKN) nrpe_unknown="1";;
- VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
+ if [ "$opt_batch" = 1 ]; then
+ case "$opt_batch_format" in
+ text) _echo 0 "$1: $2 ($3)";;
+ nrpe)
+ case "$2" in
+ UKN) nrpe_unknown="1";;
+ VULN) nrpe_critical="1"; nrpe_vuln="$nrpe_vuln $1";;
+ esac
+ ;;
 esac
 fi
@@ -746,7 +749,7 @@ _info "A false sense of security is worse than no security at all, see --disclai
 [ -n "$dumped_config" ] && rm -f "$dumped_config"
-if [ "$opt_nrpe" = 1 ]; then
+if [ "$opt_batch" = 1 -a "$opt_batch_format" = "nrpe" ]; then
 if [ ! -z "$nrpe_vuln" ]; then
 echo "Vulnerable:$nrpe_vuln"
 else
From 7c11d07865a36489ab080696277a4d1427cbf726 Mon Sep 17 00:00:00 2001
From: Marcus Downing
Date: Wed, 10 Jan 2018 11:59:33 +0000
Subject: [PATCH 3/4] Stray tab
---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 4b314b0..60af68d 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -35,7 +35,7 @@ show_usage()
 --no-color Don't use color codes
 -v, --verbose Increase verbosity level
 --batch Produce machine readable output
- --batch nrpe Produce machine readable output formatted for NRPE
+ --batch nrpe Produce machine readable output formatted for NRPE
 IMPORTANT:
 A false sense of security is worse than no security at all.
From 59fe8c2ad88208d1aa5fb74a5a0869a8d0fa117f Mon Sep 17 00:00:00 2001
From: Marcus Downing
Date: Wed, 10 Jan 2018 13:57:10 +0000
Subject: [PATCH 4/4] Error on unknown batch format
---
 spectre-meltdown-checker.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 60af68d..c0a5eba 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -244,6 +244,13 @@ while [ -n "$1" ]; do
 shift
 case "$1" in
 text|nrpe) opt_batch_format="$1"; shift;;
+ --*) ;; # allow subsequent flags
+ '') ;; # allow nothing at all
+ *)
+ echo "$0: error: unknown batch format '$1'"
+ echo "$0: error: --batch expects a format from: text, nrpe"
+ exit 1 >&2
+ ;;
 esac
 elif [ "$1" = "-v" -o "$1" = "--verbose" ]; then
 opt_verbose=$(expr $opt_verbose + 1)
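Review bot: The `--*) ;;` arm in patch 4/4 only lets long options follow a bare `--batch`, so `--batch -v` falls into `*)` and is rejected as an unknown batch format even though the surrounding loop accepts `-v`; `-*) ;; # allow subsequent flags` would cover both forms. The redirection in `exit 1 >&2` applies to `exit`, not to the two `echo` lines, so the error text still goes to stdout; each should be written as `echo "..." >&2` followed by a plain `exit 1`. Because this path can be reached from a monitoring wrapper, note also that exit status 1 reads as WARNING under the Nagios plugin convention, while the final NRPE block uses 3 for unknown, which would suit a usage error better. The enclosing `while` loop starts and ends outside the hunk.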