Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metrics for kernel vulnerabilities #1046

Closed
bobrik opened this issue Aug 15, 2018 · 4 comments · Fixed by #2721
Closed

Metrics for kernel vulnerabilities #1046

bobrik opened this issue Aug 15, 2018 · 4 comments · Fixed by #2721
Labels
accepted help wanted

Comments

@bobrik
Copy link

bobrik commented Aug 15, 2018

Newer kernels have this:

$ ls /sys/devices/system/cpu/vulnerabilities
meltdown  spectre_v1  spectre_v2

$ cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI

I wonder if we should export these as metrics in node_exporter:

node_kernel_vulnerabilities{name="meltdown", value="Mitigation: PTI"} 1
@discordianfish
Copy link
Member

Seems reasonable feature request. But parsing of this should go into procfs.

bobrik added a commit to bobrik/procfs that referenced this issue Aug 21, 2018
@bobrik
Add VulnerabilityStats() to for kernel vulnerabilities
e3e32f6 
See prometheus/node_exporter#1046
@bobrik bobrik mentioned this issue Aug 21, 2018
Closed
bobrik added a commit to bobrik/procfs that referenced this issue Aug 22, 2018
@bobrik
Add VulnerabilityStats() to for kernel vulnerabilities
9395f5b 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
bobrik added a commit to bobrik/procfs that referenced this issue Aug 22, 2018
@bobrik
Add VulnerabilityStats() to for kernel vulnerabilities
f1d9ebe 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
@knweiss
Copy link
Contributor

knweiss commented Aug 22, 2018

Side note: spectre-meltdown-checker has a --batch prometheus option and is able to export the kernel Spectre/Meltdown vulnerability status via node-exporter's textfile collector. Example.

bobrik added a commit to bobrik/procfs that referenced this issue Aug 22, 2018
@bobrik
Add VulnerabilityStats() to for kernel vulnerabilities
4b81faa 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
discordianfish pushed a commit to prometheus/procfs that referenced this issue Jul 12, 2019
@bobrik @discordianfish
Add VulnerabilityStats() to for kernel vulnerabilities
7c1ba21 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
discordianfish pushed a commit to prometheus/procfs that referenced this issue Jul 12, 2019
@bobrik @discordianfish
Add VulnerabilityStats() to for kernel vulnerabilities
e156fd0 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
pgier pushed a commit to prometheus/procfs that referenced this issue Aug 22, 2019
@bobrik @pgier
Add VulnerabilityStats() to for kernel vulnerabilities
4477e60 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
remijouannet pushed a commit to remijouannet/procfs that referenced this issue Oct 20, 2022
@bobrik @pgier
Add VulnerabilityStats() to for kernel vulnerabilities
6add46f 
See prometheus/node_exporter#1046

Signed-off-by: Ivan Babrou <[email protected]>
@palash25
Copy link

palash25 commented Nov 6, 2022

hi i was looking to contribute and just wanted to know is this still a valid feature request? as i see the vulnerability parsing code was added to procfs https://github.com/prometheus/procfs/pull/190/files but the CPUVulnerabilities() method is not used anywhere in node_exporter, is there a reason for not using it? and is this issue still up for grabs?

@discordianfish
Copy link
Member

@palash25 Unless I missed some open PR, yeah a PR to add a collector for this here is very welcome!

@mwasilew2 mwasilew2 mentioned this issue Jun 2, 2023
Closed
@mwasilew2 mwasilew2 mentioned this issue Jun 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add cpu vulnerabilities reporting from sysfs mwasilew2/node_exporter
4 participants
@bobrik @discordianfish @knweiss @palash25