Secunia Mailing List Monitor Script

From Bubba.org

Secunia Mailing List Monitor

Note that this script no longer works. Secunia no longer provides all the information it used to, because it felt it was losing money and customers by providing this information for free. See http://secunia.com/blog/43/

This will stay here for posterity's sake. There are workarounds, but now I fear that posting any additional information would cause Secunia to work around my workarounds.

#!/usr/bin/perl
#
# 06/16/2008 - bubbaATbubba.org
# 
# Script to parse secunia alerts based on vendors/software/OS and based on severity 
#
# Benefits:  Only get notified for vendors/software/OS+severities you specify, option 
# to get notified of all sev 5 critical events, severity added to the subject line (x/5)
#
# To use:
# - Subscribe here:  http://secunia.com/secunia_security_advisories/ and uncheck weekly summary
# - Search Secunia for Vendors/Software/OS and build a string to match what you care about:
#   http://secunia.com/search/.   You can key off of anything in the title or under the 
#   SOFTWARE or OPERATING SYSTEM values in the messages.
#
# Make sure you verify your subscription before adding the procmail rule:
# :0bi
# * [email protected]
# | $HOME/bin/secunia_parse.pl
#
#############################
 
# address to deliver messages to/from
$to_address="blah\@blah.com";
$from_address="myalerts\@blah.com";
 
# always send sev 5 rated vulns even if we don't get a software/vendor/OS match
$send_highest = 1;
 
# software name/vendor/OS => severity rating 1-5 (http://secunia.com/about_secunia_advisories/)
%vendors=("Adobe" => "4","Apache" => "4","Apple" => "4","Microsoft Internet Explorer 6" => "3", "PHP 4" => "3");
 
##############################
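my $found = 0;
while(<STDIN>) {
	next if (/unsubscribe/i);
	# Lines between a pair of "-----" separator lines are dropped;
	# only the closing separator is kept in the forwarded body.
	if (/^-----/ && $found == 0) {
		$found=1;
	} elsif (/^-----/ && $found == 1) {
		push(@body,$_);
		$found=0;
	} else {
		if ($found != 1) { # only parse lines outside a skipped block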
			if (/DESCRIPTION/) {
				$next_software=0;
				chop($SOFTWARE);
			}
			if ($next_title == 1) {
				$TITLE=$_;
				chomp($TITLE);
				$next_title=0;
			}
			if ($next_id == 1) {
				$SECUNIAID=$_;
				chomp($SECUNIAID);
				$next_id=0;
			}
			if ($next_severity == 1) {
				$SEVERITY=$_;
				chomp($SEVERITY);
				if ($SEVERITY =~ /Extremely/) {
					$SEVERITY=5;
				} elsif ($SEVERITY =~ /Highly/) {
					$SEVERITY=4;
				} elsif ($SEVERITY =~ /Moderately/) {
					$SEVERITY=3;
				} elsif ($SEVERITY =~ /Less/) {
					$SEVERITY=2;
				} elsif ($SEVERITY =~ /Not/) {
					$SEVERITY=1;
				}
				$next_severity=0;
			}
			# process Software or OS's (have to allow for multiples)
			if ($next_software == 1) {
				my $t = $_;
				chomp($t);
				if ($t =~ /\S+/ && $t !~ /http\:/) {
					# build regex... yeah lame, but it works
					$SOFTWARE=$t . "|" . $SOFTWARE;
				}
			}
 
			if (/TITLE/) {
				$next_title=1;
			}
			if (/SECUNIA ADVISORY ID/) {
				$next_id=1;
			}
			if (/CRITICAL/) {
				$next_severity=1;
			}
			if (/SOFTWARE/) {
				$next_software=1;
			}
			if (/OPERATING SYSTEM/) {
				$next_software=1;
			}
			push(@body,$_);
                }
        }
}
 
foreach my $vendor (keys %vendors) {
	my $required_sev = $vendors{$vendor};
	# if we get a match on our vendor list OR if issue is rated sev 5, send
	if ((($TITLE =~ m/$vendor/i) && ($SEVERITY >= $required_sev)) || 
	   (($SOFTWARE =~ m/$vendor/i) && ($SEVERITY >= $required_sev)) ||
	   ($send_highest && ($SEVERITY == 5))) {
		# list-form pipe open: sendmail is run without a shell, and a failure is reported
		open(MAIL, "|-", "/usr/lib/sendmail", $to_address) or die "cannot run sendmail: $!";
		print MAIL "From: $from_address\n";
		print MAIL "To: $to_address\n";
		print MAIL "Subject: [$SECUNIAID] $TITLE (Rated $SEVERITY/5)\n";
		# a blank line must separate the headers from the message body
		print MAIL "\n";
		foreach $line (@body) {
			print MAIL $line;
		}
		close(MAIL);
		# send one notification per advisory, even if several entries match
		last;
	}
}