check_mk: Check for Yum Updates

check_mk

Visit the page below to download the mkp package:

https://checkmk.de/check_mk-exchange-file.php?&file=linux-updates-1.0.mkp

Upload the mkp package to your check_mk server then install it :

OMD[mysite]:~$ mkp -v install linux-updates-1.0.mkp

On the servers to be checked add the check shell script.

cd /usr/share/check-mk-agent/local
vi mk_linuxupdates.sh

The code for the check is within the download but shown here too:

!/bin/bash
 
 updateLogFile="/var/log/yum.log"
 missingStatus=0
 rebootNeeded=0
 numUpdates=0
 numSecurityUpdates=0
 maxAge=1
 statFile="/var/cache/mk_linuxupdates.stat"
 statFileSecurity="/var/cache/mk_linuxsecurityupdates.stat"
 echo "<<>>"
 statFileTimestamp=stat --printf=%Y $statFile 2>/dev/null || echo 0
 statFileSecurityTimestamp=stat --printf=%Y $statFileSecurity 2>/dev/null || echo 0
 updateLogFileTimestamp=stat --printf=%Y $updateLogFile 2>/dev/null || echo 0
 now=date +%s
 statFileAge=$(((now-statFileTimestamp)/60/60/24))   # convert to days
 statFileSecurityAge=$(((now-statFileSecurityTimestamp)/60/60/24))   # convert to days
 updateLogFileAge=$(((now-updateLogFileTimestamp)/60/60/24))   # convert to days
 echo "now: ${now}" > /tmp/mk_linuxupdates.debug
 echo "statFileTimeStamp: ${statFileTimestamp}, updateLogFileTimeStamp: ${updateLogFileTimestamp}" >> /tmp/mk_linuxupdates.debug
 echo "statFileAge: ${statFileAge}, updateLogFileAge: ${updateLogFileAge}" >> /tmp/mk_linuxupdates.debug
 echo "statFileSecurityTimeStamp: ${statFileSecurityTimestamp}, updateLogFileTimeStamp: ${updateLogFileTimestamp}" >> /tmp/mk_linuxupdates.debug
 echo "statFileSecurityAge: ${statFileSecurityAge}, updateLogFileAge: ${updateLogFileAge}" >> /tmp/mk_linuxupdates.debug
 refresh if statFile missing, older than maxAge days, or older than update log file
 if [ ! -f $statFile ] || [ $statFileAge -gt $maxAge ] || [ $updateLogFileTimestamp -gt $statFileTimestamp ]
 then
 echo "updating $statFile and $statFileSecurity" >> /tmp/mk_linuxupdates.debug
     /usr/bin/yum --security check-update --quiet | grep -v '^$' | awk '{print $1}' > $statFileSecurity     /usr/bin/yum check-update --quiet | grep -v '^$' > $statFile     cat $statFileSecurity | while read update     do             sed -i "s/$update/$update(!!)/" $statFile     done
 fi
 if [ ! -f $statFile ] || [ ! -f $statFileSecurity ]
 then
         # unable to create statFile apparently
         missingStatus=1
         echo 0 1
         exit
 fi
 numUpdatesSecurity=cat $statFileSecurity | wc -l
 numUpdates=cat $statFile | wc -l
 updates=cat $statFile | sed 's/$/,/g'
 Check if the running kernel matches the latest kernel installed
 latestKernel=ls -t /boot/vmlinuz-* | sed "s/\/boot\/vmlinuz-//g" | head -n1
 currentKernel=uname -r
 if [ "$latestKernel" != "$currentKernel" ]
 then
         rebootNeeded=1
 fi
 output data in a format that the Check_Mk plugin understands
 echo $rebootNeeded 0 $numUpdates $numUpdatesSecurity
 echo $updates | sed 's/,$//'
 exit

Perform a Check_mk discovery on the host and the new check should be shown.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>