add pillars for cve checks (#755)

Raven-98 · web-flow · commit 902c8db9f395 · 2026-05-20T16:31:28.000+02:00
diff --git a/pillar/cmd_check_alert/cve-kernel_fixed-only.sls b/pillar/cmd_check_alert/cve-kernel_fixed-only.sls
@@ -0,0 +1,23 @@
+cmd_check_alert:
+  cve-kernel:
+    cron:
+      minute: '15'
+      hour: '9'
+    config:
+      checks:
+        cve-kernel:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --kernel-only --fixed-only 2>/dev/null
+          service: cve
+          resource: __hostname__:cve-kernel
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': major      # return by packages
+            '3': critical   # return by kernel
+          timeout: 600
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
diff --git a/pillar/cmd_check_alert/cve-packages_critical.sls b/pillar/cmd_check_alert/cve-packages_critical.sls
@@ -0,0 +1,23 @@
+cmd_check_alert:
+  cve-packages:
+    cron:
+      minute: '15'
+      hour: '10'
+    config:
+      checks:
+        cve-packages:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --packages-only 2>/dev/null
+          service: cve
+          resource: __hostname__:cve-packages
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': critical   # return by packages
+            '3': critical   # return by kernel
+          timeout: 600
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
diff --git a/pillar/cmd_check_alert/cve-packages_fixed-only.sls b/pillar/cmd_check_alert/cve-packages_fixed-only.sls
@@ -0,0 +1,23 @@
+cmd_check_alert:
+  cve-packages:
+    cron:
+      minute: '15'
+      hour: '10'
+    config:
+      checks:
+        cve-packages:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --packages-only --fixed-only 2>/dev/null
+          service: cve
+          resource: __hostname__:cve-packages
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': major      # return by packages
+            '3': critical   # return by kernel
+          timeout: 600
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
diff --git a/pillar/cmd_check_alert/cve-packages_fixed-only_critical.sls b/pillar/cmd_check_alert/cve-packages_fixed-only_critical.sls
@@ -0,0 +1,23 @@
+cmd_check_alert:
+  cve-packages:
+    cron:
+      minute: '15'
+      hour: '10'
+    config:
+      checks:
+        cve-packages:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --packages-only --fixed-only 2>/dev/null
+          service: cve
+          resource: __hostname__:cve-packages
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': critical   # return by packages
+            '3': critical   # return by kernel
+          timeout: 600
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
