Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Add on to update vulnerabilities?

https://support.nagios.com/forum/viewtopic.php?t=47908

Page 1 of 1

Add on to update vulnerabilities?

Posted: Thu Mar 15, 2018 1:14 pm
by andrewatmacys
Forgive me if this is listed somewhere, but I couldn't find it. Is there an add on that updates vulnerabilities in Nagios?

Like a security newsletter or something like that, that updates monthly or so? It seems all I can find are individual plugins to check for security compliance.

Thank you!

Re: Add on to update vulnerabilities?

Posted: Thu Mar 15, 2018 4:42 pm
by cdienger
The UI has a built in check for Nagios updates. If an update is available you'll see a Red ! in the default Home Dashboard or a yellow ! in the Footer(just left of the About link). You can also check for updates under the Admin section of the UI.

For system vulnerabilities I'm not aware of any checks but I do see redhat recently made an API available to their CVE database https://access.redhat.com/documentation ... t_all_cves so creating a plugin do to something like that looks do-able. I'll try to make some time tomorrow to poke around it some more since I can see this being a benefit for a lot of people. :)

Re: Add on to update vulnerabilities?

Posted: Fri Mar 16, 2018 4:48 pm
by cdienger
A lot could be done for improvement(logic to check installed packages, date handling, file/folder existence and storage location, adding actual nagios return code logic, OS detection, etc....) but it's a rough draft:

Code: Select all

#!/bin/bash

before=2018-03-17
after=2018-02-28

declare -a cve

cve=($(curl https://access.redhat.com/labs/securitydataapi/cve.json?product=Red%20Hat%20Enterprise%20Linux%206\&before=$before\&after=$after -m 30 -s | jq .[].CVE | sed s/\"//g))

#echo ${#cve[@]}

for (( counter=0; counter<${#cve[@]}; counter++ )); do

mkdir ${cve[$counter]}

curl https://access.redhat.com/labs/securitydataapi/cve/${cve[$counter]}.json -m 30 -s | jq .[] > ${cve[$counter]}/${cve[$counter]}.txt

done
The above will search for CVEs released between 3/17 and 2/28 of this year that impact RHEL 6, create a folder for each CVE it finds and saves the details in the folder.

Re: Add on to update vulnerabilities?

Posted: Mon Mar 19, 2018 10:25 am
by andrewatmacys
Thank you for your help, I'll definitely be checking into that!

Re: Add on to update vulnerabilities?

Posted: Mon Mar 19, 2018 3:22 pm
by npolovenko
@andrewatmacys, Let us know if it's it ok to lock the thread?
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited