Re: Detect security update on Squeeze LTS
We use:
apt-get -s upgrade | grep ^Inst | grep -ie security -ie squeeze-lts
as the squeeze repo we're pulling lts updates from is named "squeeze-lts"
As a bash script, ready for a nagios check:
#!/bin/bash
NUMBER_OF_UPDATES=`apt-get -s upgrade | grep ^Inst | grep -ie security
-ie squeeze-lts | wc -l`
if [[ $NUMBER_OF_UPDATES -ge 5 ]]
then
echo "CRITICAL: $NUMBER_OF_UPDATES security updates outstanding" && exit 2;
else
echo "OK: $NUMBER_OF_UPDATES security updates outstanding" && exit 0;
fi
On 23/03/15 1:04 pm, Olivier Bonvalet wrote:
> Hi,
>
> I use «update-notifier-common» to detect pending security updates from
> my centralized monitoring, but it's not working for Squeeze LTS since
> updates are not identified as security ones.
>
> For example :
>
> ~$ /usr/lib/update-notifier/apt-check
> 11;0
>
> Where the first column (here «11») stand for not security updates (like
> tzdata or clamav database for example), and the second column (here «0»)
> stand for security updates.
>
> And an «aptitude -V dist-upgrade» say :
>
> Les paquets suivants seront mis à jour :
> e2fslibs [1.41.12-4stable1 -> 1.41.12-4+deb6u2]
> e2fsprogs [1.41.12-4stable1 -> 1.41.12-4+deb6u2]
> gnupg [1.4.10-4+squeeze6 -> 1.4.10-4+squeeze7]
> gpgv [1.4.10-4+squeeze6 -> 1.4.10-4+squeeze7] libc-bin [2.11.3-4+deb6u4 -> 2.11.3-4+deb6u5]
> libc6 [2.11.3-4+deb6u4 -> 2.11.3-4+deb6u5] libc6-i386 [2.11.3-4+deb6u4 -> 2.11.3-4+deb6u5]
> libssl0.9.8 [0.9.8o-4squeeze19 -> 0.9.8o-4squeeze20]
> linux-image-3.2.0-0.bpo.4-amd64 [3.2.65-1+deb7u1~bpo60+1 -> 3.2.65-1+deb7u2~bpo60+1]
> locales [2.11.3-4+deb6u4 -> 2.11.3-4+deb6u5]
> openssl [0.9.8o-4squeeze19 -> 0.9.8o-4squeeze20]
>
> Is there an easy way to fix that detection ?
>
> Thanks,
> Olivier
>
>
>
--
Mike Forbes
System Administrator
NZRS Ltd.
M +64 21 999 416
P +64 4 555 0125
PGP: A2BB DF0B 311C 3C8F E1D7 5EEB DA03 46C0 D68F BF2E
Reply to: