nexpose-problemmonitor.rb
# Nexpose Scan Problem Monitor
require "nexpose"
require 'net/smtp'
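# Need this since Ruby 2.x tries to use any set proxies. Ruby's proxy lookup
# also reads the upper-case spellings, so all four variables are cleared.
%w[http_proxy https_proxy HTTP_PROXY HTTPS_PROXY].each { |var| ENV.delete(var) }

# Set Nexpose user/pw. Supplying them through the environment keeps the real
# password out of this file (and out of version control); the placeholders are
# only used when the variables are unset. If the values are written here
# instead, restrict read access to this file to the account that runs it.
NEXPOSE_USER = ENV.fetch('NEXPOSE_USER', "<username>")
NEXPOSE_PASS = ENV.fetch('NEXPOSE_PASS', "<password>")

# Set Nexpose console hostname and email address to send from.
# These are constants rather than top-level locals because a `def` body cannot
# see locals of the enclosing script, while constants are visible everywhere.
NEXPOSE_HOST = ENV.fetch('NEXPOSE_HOST', "<hostname or IP>")
NEXPOSE_EMAIL = ENV.fetch('NEXPOSE_EMAIL', "<nexpose@example.com>")

# Emails +message+ to every configured recipient through the local mail relay.
#
# @param message [String] plain-text description of the suspected scan problem
# @return [Hash] the recipients hash (name => address) that was iterated
def sendEmails(message)
  recipients = {
    "<your name>" => "<your.email@example.com>"
  }

  recipients.each do |name, addr|
    # Each mail is built in its own variable: reassigning `message` here would
    # nest the previous recipient's whole email inside the next one.
    mail = [
      "From: Nexpose <#{NEXPOSE_EMAIL}>",
      "To: #{name} <#{addr}>",
      "Subject: Possible Scan Problem",
      "Importance: High",
      "", # blank line ends the header section; the alert text is the body
      message
    ].join("\n") + "\n"

    # Send via local mail relay by default (sendmail/postfix/etc)
    Net::SMTP.start('localhost') do |smtp|
      smtp.send_message mail, NEXPOSE_EMAIL, addr
    end
  end
end

include Nexpose

# Create connection and log into Nexpose console.
# NOTE(review): the console credentials travel over this connection; confirm
# that the installed nexpose gem verifies the console's TLS certificate (or is
# given a trusted one) -- that behaviour is not visible from this script.
nsc = Nexpose::Connection.new(NEXPOSE_HOST, NEXPOSE_USER, NEXPOSE_PASS)
nsc.login

begin
  # Check for assets completed or being scanned if a scan has been running longer than this many minutes.
  minutesAfterStart = 20

  # The site list is fetched at most once, and only when an alert needs a name.
  # Sites are matched on scan.site_id; comparing a site id with the scan id
  # does not identify the site the scan belongs to.
  sites = nil
  site_name_for = lambda do |site_id|
    sites ||= nsc.sites
    site = sites.find { |s| s.id == site_id }
    # A missing site must not crash the monitor before the alert is sent.
    site ? site.name : "Unknown site #{site_id}"
  end

  nsc.activity.each do |scan|
    # Alert if scan is in a failed state.
    if ["aborted", "error", "unknown"].include?(scan.status)
      sendEmails("#{site_name_for.call(scan.site_id)} (#{scan.scan_id}) is in state #{scan.status}")
    end

    # If the scan has been running longer than minutesAfterStart, check the scan activity.
    elapsed_seconds = Time.now.to_i - scan.start_time.to_time.to_i
    next unless elapsed_seconds > minutesAfterStart * 60

    diffMinutes = elapsed_seconds.to_f / 60.0
    tasks = nsc.scan_statistics(scan.scan_id).tasks
    next unless tasks.active == 0

    if tasks.completed == 0
      # If no assets are being scanned and none have finished scanning...
      sendEmails("#{site_name_for.call(scan.site_id)} (#{scan.scan_id}) has not scanned any assets since it started #{diffMinutes.round(2)} minutes ago.")
    elsif tasks.pending > 0
      # If no assets are being scanned, but some are pending...
      sendEmails("#{site_name_for.call(scan.site_id)} (#{scan.scan_id}) appears to have stopped scanning. No assets are currently being scanned and #{tasks.pending} assets are still pending.")
    end
  end
ensure
  # Always end the console session so an authenticated session is not left
  # open after the check, even when a lookup or mail delivery fails.
  nsc.logout
end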