Config: added apt security updates check

healthcheck/healthcheck.cfg.example

@@ -205,3 +205,14 @@ COMMAND=nc -z -w 3 192.168.1.123 80 > /dev/null && echo "Online" || echo "Offlin
 DISABLED=True
 ALARM_STRING_EQUAL=Core meltdown!
 COMMAND=echo "Core meltdown!"
+
+
+[security_updates_available]
+# Checks for security updates via apt (works on Debian and derivatives, like Ubuntu).
+# Needs the repositories to be updated with `apt update`, but is an heavy command, so it may
+# be configured to be executed daily in a command in the same cron of healthcheck.
+# E.g.: place this string in /etc/cron.d/healthcheck, before the healthcheck command:
+# 	1 1 * * *       root    apt update
+DISABLED=True
+ALARM_STRING_EQUAL=security updates available
+COMMAND=apt list --upgradable 2>/dev/null | grep -e "-security" && echo "security updates available" || echo "NO security updates available"

healthcheck/healthcheck.py

@@ -67,7 +67,7 @@ class Main:
 		systemLocale = os.getenv('LANG')
 		if not systemLocale:
 			raise ValueError('System environment variabile $LANG is not set!')
-		
+
 		locale.setlocale(locale.LC_ALL, systemLocale)
 
 		''' Reads the config '''
@@ -143,7 +143,7 @@ class Main:
 			return "bad config: COMMAND is mandatory"
 		if not config.regexp:
 			return "bad config: REGEXP is mandatory"
-		
+
 		# Run command
 		stdout = ""
 		ret = subprocess.run(config.command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
@@ -157,7 +157,7 @@ class Main:
 				ret.returncode,
 				'and error message "{}"'.format(ret.stderr.decode().strip()) if ret.stderr else ''
 			)
-		
+
 		# Parse result with regex
 		match = re.search(config.regexp, stdout, re.MULTILINE)
 		if not match: