From 1b0cbfb27a15e2aa9cf2ba9c0e5841f50a1b96bc Mon Sep 17 00:00:00 2001 From: "Daniele Verducci (Slimpenguin)" Date: Fri, 6 May 2022 08:57:41 +0200 Subject: [PATCH] Config: added apt security updates check --- healthcheck/healthcheck.cfg.example | 11 +++++++++++ healthcheck/healthcheck.py | 6 +++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/healthcheck/healthcheck.cfg.example b/healthcheck/healthcheck.cfg.example index a619659..0556442 100644 --- a/healthcheck/healthcheck.cfg.example +++ b/healthcheck/healthcheck.cfg.example @@ -205,3 +205,14 @@ COMMAND=nc -z -w 3 192.168.1.123 80 > /dev/null && echo "Online" || echo "Offlin DISABLED=True ALARM_STRING_EQUAL=Core meltdown! COMMAND=echo "Core meltdown!" + + +[security_updates_available] +# Checks for security updates via apt (works on Debian and derivatives, like Ubuntu). +# Needs the repositories to be updated with `apt update`, but is an heavy command, so it may +# be configured to be executed daily in a command in the same cron of healthcheck. +# E.g.: place this string in /etc/cron.d/healthcheck, before the healthcheck command: +# 1 1 * * * root apt update +DISABLED=True +ALARM_STRING_EQUAL=security updates available +COMMAND=apt list --upgradable 2>/dev/null | grep -e "-security" && echo "security updates available" || echo "NO security updates available" diff --git a/healthcheck/healthcheck.py b/healthcheck/healthcheck.py index 490fbaf..5573720 100755 --- a/healthcheck/healthcheck.py +++ b/healthcheck/healthcheck.py @@ -67,7 +67,7 @@ class Main: systemLocale = os.getenv('LANG') if not systemLocale: raise ValueError('System environment variabile $LANG is not set!') - + locale.setlocale(locale.LC_ALL, systemLocale) ''' Reads the config ''' @@ -143,7 +143,7 @@ class Main: return "bad config: COMMAND is mandatory" if not config.regexp: return "bad config: REGEXP is mandatory" - + # Run command stdout = "" ret = subprocess.run(config.command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) @@ -157,7 +157,7 @@ class Main: ret.returncode, 'and error message "{}"'.format(ret.stderr.decode().strip()) if ret.stderr else '' ) - + # Parse result with regex match = re.search(config.regexp, stdout, re.MULTILINE) if not match: