diff --git a/snmp/unpriv/osupdates/Readme.md b/snmp/unpriv/osupdates/Readme.md new file mode 100644 index 0000000..d778a5d --- /dev/null +++ b/snmp/unpriv/osupdates/Readme.md @@ -0,0 +1,9 @@ +# osupdates + +## Installation + +1. Copy shell scripts into /usr/local/bin/ +2. Make them executable +3. Copy timer and service unit into /etc/systemd/system/ +4. Activate timer (`systemctl enable --now librenms-osupdates-generate.timer`) +5. Set `extend osupdate /usr/local/bin/osupdates-unpriv-gather.sh` in `/etc/snmp/snmpd.conf` diff --git a/snmp/unpriv/osupdates/librenms-osupdates-generate.service b/snmp/unpriv/osupdates/librenms-osupdates-generate.service new file mode 100644 index 0000000..238e2e5 --- /dev/null +++ b/snmp/unpriv/osupdates/librenms-osupdates-generate.service @@ -0,0 +1,8 @@ +# librenms-osupdates-generate.service + +[Unit] +Description=generate osupdates information + +[Service] +ExecStart=/usr/local/bin/osupdates-unpriv-generate.sh + diff --git a/snmp/unpriv/osupdates/librenms-osupdates-generate.timer b/snmp/unpriv/osupdates/librenms-osupdates-generate.timer new file mode 100644 index 0000000..e40fb7e --- /dev/null +++ b/snmp/unpriv/osupdates/librenms-osupdates-generate.timer @@ -0,0 +1,11 @@ +# librenms-osupdates-generate.timer + +[Unit] +Description=generates osupdates information minutely + +[Timer] +OnCalendar=hourly +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/snmp/unpriv/osupdates/osupdates-unpriv-gather.sh b/snmp/unpriv/osupdates/osupdates-unpriv-gather.sh new file mode 100644 index 0000000..a337c59 --- /dev/null +++ b/snmp/unpriv/osupdates/osupdates-unpriv-gather.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +SNMP_PERSISTENT_DIR="$(net-snmp-config --persistent-directory)" +UNPRIV_SHARED_FILE="$SNMP_PERSISTENT_DIR/osupdates/stats.txt" + +if [ -f "$UNPRIV_SHARED_FILE" ]; then + cat "$UNPRIV_SHARED_FILE" +else + echo "0" + logger -p daemon.error -t "osupdates-unpriv" Reading osupdate data from file "$UNPRIV_SHARED_FILE" failed! +fi diff --git a/snmp/unpriv/osupdates/osupdates-unpriv-generate.sh b/snmp/unpriv/osupdates/osupdates-unpriv-generate.sh new file mode 100644 index 0000000..08a6bca --- /dev/null +++ b/snmp/unpriv/osupdates/osupdates-unpriv-generate.sh @@ -0,0 +1,115 @@ +#!/usr/bin/env bash +################################################################ +# copy this script to /etc/snmp/ and make it executable: # +# chmod +x /etc/snmp/osupdate # +# ------------------------------------------------------------ # +# edit your snmpd.conf and include: # +# extend osupdate /etc/snmp/osupdate # +#--------------------------------------------------------------# +# restart snmpd and activate the app for desired host # +#--------------------------------------------------------------# +# please make sure you have the path/binaries below # +################################################################ +BIN_WC='/usr/bin/env wc' +BIN_GREP='/usr/bin/env grep' +CMD_GREP='-c' +CMD_WC='-l' +BIN_ZYPPER='/usr/bin/env zypper' +CMD_ZYPPER='-q lu' +BIN_YUM='/usr/bin/env yum' +CMD_YUM='-q check-update' +BIN_DNF='/usr/bin/env dnf' +CMD_DNF='-q check-update' +BIN_APT='/usr/bin/env apt-get' +CMD_APT='-qq -s upgrade' +BIN_PACMAN='/usr/bin/env pacman' +CMD_PACMAN='-Sup' +BIN_CHECKUPDATES='/usr/bin/env checkupdates' +BIN_PKG='/usr/sbin/pkg' +CMD_PKG=' audit -q -F' +BIN_APK='/sbin/apk' +CMD_APK=' version' +SNMP_PERSISTENT_DIR="$(net-snmp-config --persistent-directory)" +UNPRIV_SHARED_FILE="$SNMP_PERSISTENT_DIR/osupdates/stats.txt" + +mkdir -p "$(dirname "$UNPRIV_SHARED_FILE" )" +exec > "$UNPRIV_SHARED_FILE" + +################################################################ +# Don't change anything unless you know what are you doing # +################################################################ +if command -v zypper &>/dev/null ; then + # OpenSUSE + # shellcheck disable=SC2086 + UPDATES=$($BIN_ZYPPER $CMD_ZYPPER | $BIN_WC $CMD_WC) + if [ "$UPDATES" -ge 2 ]; then + echo $(($UPDATES-2)); + else + echo "0"; + fi +elif command -v dnf &>/dev/null ; then + # Fedora + # shellcheck disable=SC2086 + UPDATES=$($BIN_DNF $CMD_DNF | $BIN_WC $CMD_WC) + if [ "$UPDATES" -ge 1 ]; then + echo $(($UPDATES-1)); + else + echo "0"; + fi +elif command -v pacman &>/dev/null ; then + # Arch + # calling pacman -Sup does not refresh the package list from the mirrors, + # thus it is not useful to find out if there are updates. Keep the pacman call + # to accomodate users that do not have it. checkupdates is in pacman-contrib. + # also enables snmpd to collect this information if it's not run as root + if command -v checkupdates &>/dev/null ; then + # shellcheck disable=SC2086 + UPDATES=$($BIN_CHECKUPDATES | $BIN_WC $CMD_WC) + else + # shellcheck disable=SC2086 + UPDATES=$($BIN_PACMAN $CMD_PACMAN | $BIN_WC $CMD_WC) + fi + if [ "$UPDATES" -ge 1 ]; then + echo $(($UPDATES-1)); + else + echo "0"; + fi +elif command -v yum &>/dev/null ; then + # CentOS / Redhat + # shellcheck disable=SC2086 + UPDATES=$($BIN_YUM $CMD_YUM | $BIN_WC $CMD_WC) + if [ "$UPDATES" -ge 1 ]; then + echo $(($UPDATES-1)); + else + echo "0"; + fi +elif command -v apt-get &>/dev/null ; then + # Debian / Devuan / Ubuntu + # shellcheck disable=SC2086 + UPDATES=$($BIN_APT $CMD_APT | $BIN_GREP $CMD_GREP 'Inst') + if [ "$UPDATES" -ge 1 ]; then + echo "$UPDATES"; + else + echo "0"; + fi +elif command -v pkg &>/dev/null ; then + # FreeBSD + # shellcheck disable=SC2086 + UPDATES=$($BIN_PKG $CMD_PKG | $BIN_WC $CMD_WC) + if [ "$UPDATES" -ge 1 ]; then + echo "$UPDATES"; + else + echo "0"; + fi +elif command -v apk &>/dev/null ; then + # Alpine + # shellcheck disable=SC2086 + UPDATES=$($BIN_APK $CMD_APK | $BIN_WC $CMD_WC) + if [ "$UPDATES" -ge 2 ]; then + echo $(($UPDATES-1)); + else + echo "0"; + fi +else + echo "0"; +fi