On Mon, 11 Jul 2005, sean finney wrote:
> reassign 317763 nagios-plugins
> thanks
>
> hi,
>
> On Mon, Jul 11, 2005 at 01:51:14PM +0200, Peter Palfrader wrote:
> > Ganneff asked me to submit this script.
> >
> > It runs apt-get update and apt-get --simulate upgrade. It will return
> > critical if there are security updates, and ok if there are no or other
> > upgrades available.
>
> cool! a few comments on this script:
>
> - it should be reported against nagios-plugins, not nagios (i fixed this)
blame the evil Ganneff.
> - you should consider also posting this upstream at the sourceforge
> site (i'm on the upstream nagios-plugins team, so you can be sure
> to get a response).
Can you forward it?
> - will your plugin work for security updates even against local security
> mirrors that don't have security in the url?
apt-get --simulate upgrade output looks like
| Inst libpam0g-dev [0.76-22] (0.76-23 Debian:unstable) []
| Inst libpam-runtime [0.76-22] (0.76-23 Debian:unstable) []
| Conf libpam-runtime (0.76-23 Debian:unstable) []
| Inst libpam0g [0.76-22] (0.76-23 Debian:unstable)
if ($line =~ m/^Inst\s+(\S+)\s+/) {
my $package = $1;
if ($line =~ m/^Inst\s+\S+\s+.*security/i) {
[it's a security update]
} else {
[it's a normal update]
}
The last part is probably right out of the Release file, so if your
Release file is setup properly, it should also find those.
> - it would be nice if the plugin could be configured via cmdline
> arguments to exit warning/critical for whether or not there are
> security updates available
done.
> - it would be nice if the plugin could be configured via cmdline
> arguments to exit warning/critical for whether or not there are
> normal updates available
done.
> - it would be nice if the plugin could be configured via cmdline
> arguments to not do the apt-get upgrade half of the check.
apt-get update you mean? done.
Not really tested this version yet tho.
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
#!/usr/bin/perl -Tw
# nagios check for debian (security) updates,
# based on net-snmp glue to security updates via apt-get.
# Copyright (C) 2004 SILVER SERVER GmbH
# Copyright (C) 2004, 2005 Peter Palfrader
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
use strict;
use English;
use Getopt::Long;
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my $VERSION = '0.0.2';
my $APT = '/usr/bin/apt-get';
my $USE_SUDO = 1;
my $params;
# nagios exit codes
my %EXITCODES = (
'ok' => 0,
'warn' => 1,
'critical' => 2,
'unknown' => 3 );
$SIG{'__DIE__'} = sub {
print STDERR @_;
exit $EXITCODES{'unknown'};
};
$params->{'chroots'} = [];
$params->{'updates'} = 'warn';
$params->{'security'} = 'critical';
Getopt::Long::config('bundling');
if (!GetOptions (
'--help' => \$params->{'help'},
'--version' => \$params->{'version'},
'--sudo' => \$params->{'sudo'},
'--nosudo' => \$params->{'nosudo'},
'--verbose' => \$params->{'verbose'},
'--updates=s' => \$params->{'updates'},
'--security=s' => \$params->{'security'},
'--skip-update' => \$params->{'skip-update'},
'--chroot=s' => $params->{'chroots'},
)) {
die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo]
[--updates=<action>] [--security=<action>] [--verbose] [--chroot=<path>
[--chroot=<path>]] [--skip-update]\n");
};
if ($params->{'help'}) {
print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo]
[--updates=<action>] [--security=<action>] [--verbose] [--chroot=<path>
[--chroot=<path>]] [--skip-update]\n";
print "Reports packages to upgrade, updating the list if necessary.\n";
print "\n";
print " --help Print this short help.\n";
print " --version Report version number.\n";
print " --sudo Use sudo to call apt-get
(default).\n";
print " --nosudo Do not use sudo to call
apt-get.\n";
print " --updates=[ok|warn|critical] What to do when there are
updates.\n";
print " Default: warn\n";
print " --security=[ok|warn|critical] What to do when there are
security updates.\n";
print " Default: critical\n";
print " --skip-update Skip 'apt-get update' step.\n";
print " --verbose Be a little verbose.\n";
print " --chroot=<path> Run check in path.\n";
print "\n";
print "Note that for --sudo (default) you will need entries in
/etc/sudoers like these:\n";
print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n";
print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate
upgrade\n";
print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot
/chroot-ia32 /usr/bin/apt-get update\n";
print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot
/chroot-ia32 /usr/bin/apt-get --simulate upgrade\n";
print "\n";
exit (0);
};
if ($params->{'version'}) {
print "nagios-check-apt-updates $VERSION\n";
print "nagios check for availability of debian (security) updates\n";
print "Copyright (c) 2004 SILVER SERVER GmbH\n";
print "Copyright (c) 2004, 2005 Peter Palfrader <[EMAIL PROTECTED]>\n";
exit (0);
};
if ($params->{'sudo'} && $params->{'nosudo'}) {
die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n");
};
if ($params->{'sudo'}) {
$USE_SUDO = 1;
};
if ($params->{'nosudo'}) {
$USE_SUDO = 0;
};
$params->{'updates'} = lc $params->{'updates'};
$params->{'security'} = lc $params->{'security'};
unless ( defined $EXITCODES{ $params->{'updates'} } ) {
die ("$PROGRAM_NAME: --updates takes one of ok, warn, critical as
argument.\n");
};
unless ( defined $EXITCODES{ $params->{'security'} } ) {
die ("$PROGRAM_NAME: --security takes one of ok, warn, critical as
argument.\n");
};
if (scalar @{$params->{'chroots'}} == 0) {
$params->{'chroots'} = ['/'];
};
# Make sure chroot paths are nice;
my @chroots = ();
for my $root (@{$params->{'chroots'}}) {
if ($root =~ m#^(/[a-zA-Z0-9/.-]*)$#) {
push @chroots, $1;
} else {
die ("Chroot path $root is not nice.\n");
};
};
my @updates_security;
my @updates_other;
for my $root (@chroots) {
my $pre_command = ($root ne '/') ? "chroot $root " : '';
$pre_command = ($USE_SUDO ? 'sudo ' : '').$pre_command;
unless ($params->{'skip-update'}) {
print STDERR "Running $APT update in $root\n" if
$params->{'verbose'};
open (UPDATE, "$pre_command$APT update|") or die ("Cannot run
$APT update in $root: $!\n");
my @ignore=<UPDATE>;
close UPDATE;
if ($CHILD_ERROR) { # program failed
die("$APT update returned with non-zero exit code in
$root: ".($CHILD_ERROR / 256)."\n");
};
};
print STDERR "Running $APT --simulate upgrade | sort -u in $root\n" if
$params->{'verbose'};
open (TODO, "$pre_command$APT --simulate upgrade | sort -u |") or die
("Cannot run $APT --simulate upgrade | sort -u in $root: $!\n");
my @lines=<TODO>;
close TODO;
if ($CHILD_ERROR) { # program failed
die("$APT --simulate upgrade | sort -u returned with non-zero
exit code in $root: ".($CHILD_ERROR / 256)."\n");
};
print STDERR "Processing information for $root\n" if
$params->{'verbose'};
for my $line (@lines) {
if ($line =~ m/^Inst\s+(\S+)\s+/) {
my $package = $1;
if ($line =~ m/^Inst\s+\S+\s+.*security/i) {
push @updates_security, $package.($root ne '/'
? "($root)" : '');
} else {
push @updates_other, $package.($root ne '/' ?
"($root)" : '');
};
}
}
};
my $exit = $EXITCODES{'ok'};
my $updateinfo;
if (@updates_security) {
$updateinfo .= 'Security updates ('.(scalar @updates_security).'):
'.join(', ', @updates_security)."; ";
$exit = $EXITCODES{ $params->{'security'} } > $exit ? $EXITCODES{
$params->{'security'} } : $exit;
};
if (@updates_other) {
$updateinfo .= 'Other Updates ('.(scalar @updates_other).'): '.join(',
', @updates_other)."; ";
$exit = $EXITCODES{ $params->{'updates'} } > $exit ? $EXITCODES{
$params->{'updates'} } : $exit;
};
$updateinfo = 'No updates available' unless defined $updateinfo;
print $updateinfo,"\n";
exit $exit;
