Secunia Mailing List Monitor Script
From Bubba.org
Secunia Mailing List Monitor
It should be noted that this no longer works. Secunia no longer provides all the information they used to because they felt they were losing money and customers by providing this information for free. http://secunia.com/blog/43/
This will stay here for posterity's sake. There are workarounds, but now I fear that posting any additional information would cause Secunia to work around my workarounds.
#!/usr/bin/perl
#
# 06/16/2008 - bubbaATbubba.org
#
# Script to parse secunia alerts based on vendors/software/OS and based on severity
#
# Benefits: Only get notified for vendors/software/OS+severities you specify, option
# to get notified of all sev 5 critical events, severity added to the subject line (x/5)
#
# To use:
#  - Subscribe here: http://secunia.com/secunia_security_advisories/ and uncheck weekly summary
#  - Search Secunia for Vendors/Software/OS and build a string to match what you care about:
#    http://secunia.com/search/. You can key off of anything in the title or under the
#    SOFTWARE or OPERATING SYSTEM values in the messages.
#
# Make sure you verify your subscription before adding the procmail rule:
# :0bi
# * ^From.*sec-adv@secunia.com
# | $HOME/bin/secunia_parse.pl
#
#############################
use strict;
use warnings;

# address to deliver messages to/from
my $to_address   = "blah\@blah.com";
my $from_address = "myalerts\@blah.com";

# always send sev 5 rated vulns even if we don't get a software/vendor/OS match
my $send_highest = 1;

# software name/vendor/OS => severity rating 1-5 (http://secunia.com/about_secunia_advisories/)
my %vendors = (
    "Adobe"                         => "4",
    "Apache"                        => "4",
    "Apple"                         => "4",
    "Microsoft Internet Explorer 6" => "3",
    "PHP 4"                         => "3",
);
##############################

my $found = 0;    # 1 while inside a block opened by a "-----" line (those lines are dropped)
my @body;         # lines of the advisory that will be forwarded
my ($TITLE, $SECUNIAID, $SOFTWARE, $SEVERITY) = ('', '', '', 0);
# each flag means "the next line holds this field's value"
my ($next_title, $next_id, $next_severity, $next_software) = (0, 0, 0, 0);

while (<STDIN>) {
    next if (/unsubscribe/i);
    if (/^-----/ && $found == 0) {
        $found = 1;
    } elsif (/^-----/ && $found == 1) {
        push(@body, $_);
        $found = 0;
    } else {
        if ($found != 1) {
            # ignore all previous exceptions
            if (/DESCRIPTION/) {
                $next_software = 0;
                # drop the trailing "|" only if present, so a later line that
                # mentions DESCRIPTION cannot eat into the product list
                $SOFTWARE =~ s/\|$//;
            }
            if ($next_title == 1) {
                $TITLE = $_;
                chomp($TITLE);
                $next_title = 0;
            }
            if ($next_id == 1) {
                $SECUNIAID = $_;
                chomp($SECUNIAID);
                $next_id = 0;
            }
            if ($next_severity == 1) {
                $SEVERITY = $_;
                chomp($SEVERITY);
                if    ($SEVERITY =~ /Extremely/)  { $SEVERITY = 5; }
                elsif ($SEVERITY =~ /Highly/)     { $SEVERITY = 4; }
                elsif ($SEVERITY =~ /Moderately/) { $SEVERITY = 3; }
                elsif ($SEVERITY =~ /Less/)       { $SEVERITY = 2; }
                elsif ($SEVERITY =~ /Not/)        { $SEVERITY = 1; }
                else                              { $SEVERITY = 0; }  # unrecognised rating
                $next_severity = 0;
            }

            # process Software or OS's (have to allow for multiples)
            if ($next_software == 1) {
                my $t = $_;
                chomp($t);
                if ($t =~ /\S+/ && $t !~ /http\:/) {
                    # build regex... yeah lame, but it works
                    $SOFTWARE = $t . "|" . $SOFTWARE;
                }
            }

            if (/TITLE/)               { $next_title    = 1; }
            if (/SECUNIA ADVISORY ID/) { $next_id       = 1; }
            if (/CRITICAL/)            { $next_severity = 1; }
            if (/SOFTWARE/)            { $next_software = 1; }
            if (/OPERATING SYSTEM/)    { $next_software = 1; }

            push(@body, $_);
        }
    }
}

foreach my $vendor (keys %vendors) {
    my $required_sev = $vendors{$vendor};

    # if we get a match on our vendor list OR if issue is rated sev 5, send
    if ((($TITLE =~ m/$vendor/i) && ($SEVERITY >= $required_sev)) ||
        (($SOFTWARE =~ m/$vendor/i) && ($SEVERITY >= $required_sev)) ||
        ($send_highest && ($SEVERITY == 5))) {
        # list-form pipe open: sendmail is run directly, without a shell
        open(my $mail, '|-', '/usr/lib/sendmail', $to_address)
            or die "Cannot run sendmail: $!";
        print $mail "From: $from_address\n";
        print $mail "To: $to_address\n";
        print $mail "Subject: [$SECUNIAID] $TITLE (Rated $SEVERITY/5)\n";
        print $mail "\n";    # blank line separating the headers from the body
        foreach my $line (@body) {
            print $mail $line;
        }
        close($mail);
        last;    # one notification per advisory, even if several vendors match
    }
}