#sm start rvm
PATH="/home/securitybot/.rvm/gems/ruby-2.7.1/bin:/home/securitybot/.rvm/gems/ruby-2.7.1@global/bin:/home/securitybot/.rvm/rubies/ruby-2.7.1/bin:/home/securitybot/.rvm/gems/ruby-2.7.1/bin:/home/securitybot/.rvm/gems/ruby-2.7.1@global/bin:/home/securitybot/.rvm/rubies/ruby-2.7.1/bin:/home/securitybot/bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/home/securitybot/tools:/home/securitybot/tools/python/bin:/home/securitybot/.rvm/bin:/home/securitybot/.rvm/bin"
GEM_HOME='/home/securitybot/.rvm/gems/ruby-2.7.1'
GEM_PATH='/home/securitybot/.rvm/gems/ruby-2.7.1:/home/securitybot/.rvm/gems/ruby-2.7.1@global'
MY_RUBY_HOME='/home/securitybot/.rvm/rubies/ruby-2.7.1'
IRBRC='/home/securitybot/.rvm/rubies/ruby-2.7.1/.irbrc'
RUBY_VERSION='ruby-2.7.1'
#sm end rvm

@reboot rmdir $HOME/.maint-announcer-running/

#00 13 * * 1-5 ~/tools/patchinfo_checker.rb -c security -o -m "OBS security patchinfo inconsistencies"
#10 13 * * 1-5 ~/tools/patchinfo_checker.rb -c security -m "IBS security patchinfo inconsistencies"
#20 13 * * 1-5 ~/tools/patchinfo_checker.rb -x security -o -m "OBS maintenance patchinfo inconsistencies"
#30 13 * * 1-5 ~/tools/patchinfo_checker.rb -x security -m "IBS maintenance patchinfo inconsistencies"
#30 13 * * 1-5 ~/tools/gruftwatcher.rb | mail -E -s 'Unhandled SLE 10 submits' security-reports@suse.de
#30 13 * * 1-5 ruby ~/tools/pending_list.rb | mail -E -s 'Pending security issues' maintsec-reports@suse.de


# meeting reminder for reactive security and for dietrich staff
0     8       *       *       Mon     bash ~/src/sectools/reactive-meeting-email/secteam_meeting_topics_reminder.sh
0     16      *       *       Mon     bash ~/src/sectools/solsec-meeting-email/dobstaff_meeting_topics_reminder.sh
# on wednesday, in the second week of the month.
10    17   8-14       *         *     [ `date +\%u` = 3 ] && bash ~/src/sectools/secautomation-meeting-email/dobstaff_meeting_topics_reminder.sh

# CVE / OVAL scripts:
MAILTO=meissner@suse.de

### Data fetchers
# refreshes local SUSE:Channels copy, and cvelist git
30 */4   * * * cd $HOME/prod/cve-database ; bash bin/refresh.sh
# 30  14   * * * cd $HOME/prod/cve-database ; perl bin/bugrefresh.pl; git status --porcelain data/bugzillas|grep "M " >/dev/null && git commit -q -m "data sync" data/bugzillas

# refreshes SMASH issue data cache
43  */2 * * * cd $HOME/prod/cve-database ; perl bin/smashfresh.pl ; git status --porcelain data/cve2bugzilla|grep "M " >/dev/null && git commit -q -m "data sync" data/cve2bugzilla

# fetches and caches container and public cloud infos
0  4,22 * * * cd $HOME/prod/cve-database ; bash bin/wrap-fetch-all-buildinfos.sh

# fetches public image data and cross links to buildinfos
0 11,23 * * * cd $HOME/prod/cve-database ; bash bin/pint-diff.sh ; perl bin/pint.pl

# fetches tumbleweed CVEs from changelogs.
42 23 * * * cd $HOME/prod/cve-database ; perl bin/extract-tumbleweed-cve.pl ; git status --porcelain data/ga/opensuse_tumbleweed.csv|grep "M " >/dev/null && git commit -q -m "data sync" data/ga/opensuse_tumbleweed.csv


### Generators
# CVSS scores in YAML output.
30 */3 * * * cd $HOME/prod/cve-database ; perl bin/generate-cvss-dump.pl

# suse.com/security/cve pages ... do every 1 hour now, runtime around 45 minutes.
0  0,11,12,13,14,15,16,17,18,19,20,21 * * * cd $HOME/prod/cve-database; git pull -q --rebase; git push -q; bash bin/wrap-generate-cve-dirs.sh

0 23 * * * cd $HOME/prod/cve-database; git pull -q --rebase; git push -q; bash bin/wrap-pubcloud-watcher.sh

# suse CVRF - CVE 1.2 pages - takes around 3.5 hours 202207.
0 1 * * *  cd $HOME/prod/cve-database ; bash bin/wrap-generate-cvrf-cve.sh

# SUSE Oval data, once a day. (takes a bit over 2 hours 202203)
30 4 * * * cd $HOME/prod/cve-database ; bash bin/wrap-generate-oval.sh

# suse CVRF 1.1 and 1.2 data, once a day.
30 7 * * * cd $HOME/prod/cve-database ; bash bin/wrap-generate-cvrf.sh

# suse containers and public cloud image updates
0 9 * * * cd $HOME/prod/cve-database ; bash bin/wrap-container-info.sh

# watch tumbleweed packages for missing bugs
30 10  * * * cd $HOME/prod/cve-database ; perl bin/tumbleweed-watcher.pl

# scrapes all advisories for cross ref
30 */2 * * * cd $HOME/prod/cve-database ; git pull -q ; perl bin/cron-advisory.pl ; git status --porcelain data/containerid data/ovalids data/advisories data/suse-sa data/su2patch data/ovalids |grep "M " >/dev/null && git commit -q -m "data sync" data/advisories data/suse-sa data/su2patch data/ovalids data/containerid ; git pull -q --rebase ; git push -q


54 10 * * * cd $HOME/prod/cve-database; bash bin/watch-cvrf1.2.sh

# reports...
MAILTO=security-reports@suse.de

0 10 * * * perl $HOME/prod/cve-database/bin/car2.pl

0 9 * * * cd $HOME/prod/cve-database; perl bin/pending-watcher.pl ; cat pending-7.0.txt

28 9  * * Tue cd $HOME/prod/cve-database; echo "see attachment, autogenerated from securitybot@maintenance.suse.de operated by Marcus Meissner." | mail -r meissner@suse.de -s "Pending kernel security issues" -a pending-kernel-7.0.txt  kernel-security-sentinel@lists.suse.com

35 12,18 * * * cd $HOME/src/sectools ; perl notify-teradata.pl

# kernel CVSS , missing livepatches
25 8 * * * perl $HOME/prod/cve-database/bin/cvss-watcher.pl kernel

# still open bugs
# not really looked at
# 45 8 * * * perl $HOME/prod/cve-database/bin/cvss-watcher.pl other

# mismatch priorities or missing LTSS incidents
30 10 * * * perl $HOME/prod/cve-database/bin/incident-watcher.pl

# SUSE Manager SALT
20 9 * * * perl $HOME/prod/cve-database/bin/salt-watcher.pl

# send mail of GEHC issues to GEHC team
0 1 * * Sun cd $HOME/prod/cve-database ; perl bin/generate-gehc-list.pl