4.4 KiB
WID Notifier
The German BSI and LSI Bavaria each have a page listing current security notices.
- BSI: https://wid.cert-bund.de/portal/wid/kurzinformationen
- LSI: https://wid.lsi.bayern.de/portal/wid/warnmeldungen
This software queries the APIs of these services for new security notices and sends configurable email notifications.
Supported Platforms
This Software only supports Linux.
API Endpoints
| ID | Portal URL | |
|---|---|---|
| BSI | bund |
https://wid.cert-bund.de/portal/wid/kurzinformationen |
| LSI | bay |
https://wid.lsi.bayern.de/portal/wid/warnmeldungen |
Usage
After building the application using go build, run
./wid-notifier <configfile>
where <configfile> is the path of your configuration file. If you don't have a config file yet, the software will create an initial config at the given location. See Configuration for more info.
Configuration
Example:
{
"api_fetch_interval": 600,
"enabled_api_endpoints": [
"bay",
"bund"
],
"datafile": "data",
"recipients": [
{
"address": "guenther@example.org",,
"include": [
{"classification": "kritisch"},
{"title_contains": "jQuery"}
]
}
],
"smtp": {
"from": "from@example.org",
"host": "example.org",
"port": 587,
"user": "from@example.org",
"password": "SiEhAbEnMiChInSgEsIcHtGeFiLmTdAsDüRfEnSiEnIcHt"
},
"template": {
"subject": "",
"body": ""
}
}
Filters
You must filter the notices to be sent per user. Multiple filters can be set per user and multiple criteria can be defined per filter.
"include": [
{
"any": false,
"title_contains": "",
"classification": "",
"min_basescore": 0,
"status": "",
"products_contain": "",
"no_patch": "",
"api_endpoint": ""
},
...
]
The following filter criteria are supported. Criteria marked with * are for optional fields that are not supported by every API endpoint (e.g. https://wid.lsi.bayern.de) - notices from those endpoints will therefore not be included when using those filters.
any
Includes all notices if set to true.
{"any": true}
title_contains
Include notices whose title contains this text.
{"title_contains": "Denial Of Service"}
If set to "", this criteria will be ignored.
classification
Include notices whose classification is in this list.
Classification can be "kritisch", "hoch", "mittel" or "niedrig".
{"classification": "hoch"}
If set to "", this criteria will be ignored.
min_basescore *
Include notices whose basescore (0 - 100) is >= min_basescore.
{"min_basescore": 40}
This criteria will be ignored if set to 0.
status *
Include notices with this status. This is usually either NEU or UPDATE.
{"status": "NEU"}
If set to "", this criteria will be ignored.
products_contain *
Include notices whose product list contains this text.
{"products_contain": "Debian Linux"}
If set to "", this criteria will be ignored.
no_patch *
If set to "true", notices where no patch is available will be included.
{"no_patch": "true"}
If set to "false", notices where no patch is available will be included.
{"no_patch": "false"}
If set to "", this criteria will be ignored.
api_endpoint
Includes notices from the given API Endpoint.
Templates
If you don't like the default appearance of the notification mails, you can write your own templates for the mail subject and body.
The syntax for the mail templates is described here.
All fields from the WidNotice struct can be used.
type WidNotice struct {
Uuid string
Name string
Title string
Published time.Time
Classification string
// optional fields (only fully supported by cert-bund)
Basescore int // -1 = unknown
Status string // "" = unknown
ProductNames []string // empty = unknown
Cves []string // empty = unknown
NoPatch string // "" = unknown
// metadata
ApiEndpointId string
PortalUrl string
}
For an example, take a look at DEFAULT_SUBJECT_TEMPLATE and DEFAULT_BODY_TEMPLATE in template.go.