summaryrefslogtreecommitdiffstats
path: root/plugins/check_apt.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_apt.c')
-rw-r--r--plugins/check_apt.c150
1 files changed, 113 insertions, 37 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index a639a411..fa982ae3 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -1,32 +1,32 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2*
3* Monitoring check_apt plugin 3* Monitoring check_apt plugin
4* 4*
5* License: GPL 5* License: GPL
6* Copyright (c) 2006-2008 Monitoring Plugins Development Team 6* Copyright (c) 2006-2008 Monitoring Plugins Development Team
7* 7*
8* Original author: Sean Finney 8* Original author: Sean Finney
9* 9*
10* Description: 10* Description:
11* 11*
12* This file contains the check_apt plugin 12* This file contains the check_apt plugin
13* 13*
14* Check for available updates in apt package management systems 14* Check for available updates in apt package management systems
15* 15*
16* 16*
17* This program is free software: you can redistribute it and/or modify 17* This program is free software: you can redistribute it and/or modify
18* it under the terms of the GNU General Public License as published by 18* it under the terms of the GNU General Public License as published by
19* the Free Software Foundation, either version 3 of the License, or 19* the Free Software Foundation, either version 3 of the License, or
20* (at your option) any later version. 20* (at your option) any later version.
21* 21*
22* This program is distributed in the hope that it will be useful, 22* This program is distributed in the hope that it will be useful,
23* but WITHOUT ANY WARRANTY; without even the implied warranty of 23* but WITHOUT ANY WARRANTY; without even the implied warranty of
24* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 24* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25* GNU General Public License for more details. 25* GNU General Public License for more details.
26* 26*
27* You should have received a copy of the GNU General Public License 27* You should have received a copy of the GNU General Public License
28* along with this program. If not, see <http://www.gnu.org/licenses/>. 28* along with this program. If not, see <http://www.gnu.org/licenses/>.
29* 29*
30*****************************************************************************/ 30*****************************************************************************/
31 31
32const char *progname = "check_apt"; 32const char *progname = "check_apt";
@@ -66,13 +66,19 @@ char* construct_cmdline(upgrade_type u, const char *opts);
66/* run an apt-get update */ 66/* run an apt-get update */
67int run_update(void); 67int run_update(void);
68/* run an apt-get upgrade */ 68/* run an apt-get upgrade */
69int run_upgrade(int *pkgcount, int *secpkgcount); 69int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist);
70/* add another clause to a regexp */ 70/* add another clause to a regexp */
71char* add_to_regexp(char *expr, const char *next); 71char* add_to_regexp(char *expr, const char *next);
72/* extract package name from Inst line */
73char* pkg_name(char *line);
74/* string comparison function for qsort */
75int cmpstringp(const void *p1, const void *p2);
72 76
73/* configuration variables */ 77/* configuration variables */
74static int verbose = 0; /* -v */ 78static int verbose = 0; /* -v */
75static int do_update = 0; /* whether to call apt-get update */ 79static bool list = false; /* list packages available for upgrade */
80static bool do_update = false; /* whether to call apt-get update */
81static bool only_critical = false; /* whether to warn about non-critical updates */
76static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ 82static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
77static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ 83static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
78static char *update_opts = NULL; /* options to override defaults for update */ 84static char *update_opts = NULL; /* options to override defaults for update */
@@ -80,13 +86,16 @@ static char *do_include = NULL; /* regexp to only include certain packages */
80static char *do_exclude = NULL; /* regexp to only exclude certain packages */ 86static char *do_exclude = NULL; /* regexp to only exclude certain packages */
81static char *do_critical = NULL; /* regexp specifying critical packages */ 87static char *do_critical = NULL; /* regexp specifying critical packages */
82static char *input_filename = NULL; /* input filename for testing */ 88static char *input_filename = NULL; /* input filename for testing */
89/* number of packages available for upgrade to return WARNING status */
90static int packages_warning = 1;
83 91
84/* other global variables */ 92/* other global variables */
85static int stderr_warning = 0; /* if a cmd issued output on stderr */ 93static int stderr_warning = 0; /* if a cmd issued output on stderr */
86static int exec_warning = 0; /* if a cmd exited non-zero */ 94static int exec_warning = 0; /* if a cmd exited non-zero */
87 95
88int main (int argc, char **argv) { 96int main (int argc, char **argv) {
89 int result=STATE_UNKNOWN, packages_available=0, sec_count=0; 97 int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0;
98 char **packages_list=NULL, **secpackages_list=NULL;
90 99
91 /* Parse extra opts if any */ 100 /* Parse extra opts if any */
92 argv=np_extra_opts(&argc, argv, progname); 101 argv=np_extra_opts(&argc, argv, progname);
@@ -106,11 +115,11 @@ int main (int argc, char **argv) {
106 if(do_update) result = run_update(); 115 if(do_update) result = run_update();
107 116
108 /* apt-get upgrade */ 117 /* apt-get upgrade */
109 result = max_state(result, run_upgrade(&packages_available, &sec_count)); 118 result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list));
110 119
111 if(sec_count > 0){ 120 if(sec_count > 0){
112 result = max_state(result, STATE_CRITICAL); 121 result = max_state(result, STATE_CRITICAL);
113 } else if(packages_available > 0){ 122 } else if(packages_available >= packages_warning && only_critical == false){
114 result = max_state(result, STATE_WARNING); 123 result = max_state(result, STATE_WARNING);
115 } else if(result > STATE_UNKNOWN){ 124 } else if(result > STATE_UNKNOWN){
116 result = STATE_UNKNOWN; 125 result = STATE_UNKNOWN;
@@ -129,6 +138,18 @@ int main (int argc, char **argv) {
129 sec_count 138 sec_count
130 ); 139 );
131 140
141 if(list) {
142 qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp);
143 qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp);
144
145 for(i = 0; i < sec_count; i++)
146 printf("%s (security)\n", secpackages_list[i]);
147 if (only_critical == false) {
148 for(i = 0; i < packages_available - sec_count; i++)
149 printf("%s\n", packages_list[i]);
150 }
151 }
152
132 return result; 153 return result;
133} 154}
134 155
@@ -145,15 +166,18 @@ int process_arguments (int argc, char **argv) {
145 {"upgrade", optional_argument, 0, 'U'}, 166 {"upgrade", optional_argument, 0, 'U'},
146 {"no-upgrade", no_argument, 0, 'n'}, 167 {"no-upgrade", no_argument, 0, 'n'},
147 {"dist-upgrade", optional_argument, 0, 'd'}, 168 {"dist-upgrade", optional_argument, 0, 'd'},
169 {"list", no_argument, false, 'l'},
148 {"include", required_argument, 0, 'i'}, 170 {"include", required_argument, 0, 'i'},
149 {"exclude", required_argument, 0, 'e'}, 171 {"exclude", required_argument, 0, 'e'},
150 {"critical", required_argument, 0, 'c'}, 172 {"critical", required_argument, 0, 'c'},
173 {"only-critical", no_argument, 0, 'o'},
151 {"input-file", required_argument, 0, INPUT_FILE_OPT}, 174 {"input-file", required_argument, 0, INPUT_FILE_OPT},
175 {"packages-warning", required_argument, 0, 'w'},
152 {0, 0, 0, 0} 176 {0, 0, 0, 0}
153 }; 177 };
154 178
155 while(1) { 179 while(1) {
156 c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL); 180 c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:ow:", longopts, NULL);
157 181
158 if(c == -1 || c == EOF || c == 1) break; 182 if(c == -1 || c == EOF || c == 1) break;
159 183
@@ -188,12 +212,15 @@ int process_arguments (int argc, char **argv) {
188 upgrade=NO_UPGRADE; 212 upgrade=NO_UPGRADE;
189 break; 213 break;
190 case 'u': 214 case 'u':
191 do_update=1; 215 do_update=true;
192 if(optarg!=NULL){ 216 if(optarg!=NULL){
193 update_opts=strdup(optarg); 217 update_opts=strdup(optarg);
194 if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed"); 218 if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
195 } 219 }
196 break; 220 break;
221 case 'l':
222 list=true;
223 break;
197 case 'i': 224 case 'i':
198 do_include=add_to_regexp(do_include, optarg); 225 do_include=add_to_regexp(do_include, optarg);
199 break; 226 break;
@@ -203,9 +230,15 @@ int process_arguments (int argc, char **argv) {
203 case 'c': 230 case 'c':
204 do_critical=add_to_regexp(do_critical, optarg); 231 do_critical=add_to_regexp(do_critical, optarg);
205 break; 232 break;
233 case 'o':
234 only_critical=true;
235 break;
206 case INPUT_FILE_OPT: 236 case INPUT_FILE_OPT:
207 input_filename = optarg; 237 input_filename = optarg;
208 break; 238 break;
239 case 'w':
240 packages_warning = atoi(optarg);
241 break;
209 default: 242 default:
210 /* print short usage statement if args not parsable */ 243 /* print short usage statement if args not parsable */
211 usage5(); 244 usage5();
@@ -217,7 +250,7 @@ int process_arguments (int argc, char **argv) {
217 250
218 251
219/* run an apt-get upgrade */ 252/* run an apt-get upgrade */
220int run_upgrade(int *pkgcount, int *secpkgcount){ 253int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){
221 int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0; 254 int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0;
222 struct output chld_out, chld_err; 255 struct output chld_out, chld_err;
223 regex_t ireg, ereg, sreg; 256 regex_t ireg, ereg, sreg;
@@ -236,7 +269,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
236 die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf); 269 die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf);
237 } 270 }
238 } 271 }
239 272
240 if(do_exclude!=NULL){ 273 if(do_exclude!=NULL){
241 regres=regcomp(&ereg, do_exclude, REG_EXTENDED); 274 regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
242 if(regres!=0) { 275 if(regres!=0) {
@@ -245,7 +278,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
245 progname, rerrbuf); 278 progname, rerrbuf);
246 } 279 }
247 } 280 }
248 281
249 const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE; 282 const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE;
250 regres=regcomp(&sreg, crit_ptr, REG_EXTENDED); 283 regres=regcomp(&sreg, crit_ptr, REG_EXTENDED);
251 if(regres!=0) { 284 if(regres!=0) {
@@ -262,7 +295,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
262 /* run the upgrade */ 295 /* run the upgrade */
263 result = np_runcmd(cmdline, &chld_out, &chld_err, 0); 296 result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
264 } 297 }
265 298
266 /* apt-get upgrade only changes exit status if there is an 299 /* apt-get upgrade only changes exit status if there is an
267 * internal error when run in dry-run mode. therefore we will 300 * internal error when run in dry-run mode. therefore we will
268 * treat such an error as UNKNOWN */ 301 * treat such an error as UNKNOWN */
@@ -273,6 +306,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
273 cmdline); 306 cmdline);
274 } 307 }
275 308
309 *pkglist=malloc(sizeof(char *) * chld_out.lines);
310 if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n");
311 *secpkglist=malloc(sizeof(char *) * chld_out.lines);
312 if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n");
313
276 /* parse the output, which should only consist of lines like 314 /* parse the output, which should only consist of lines like
277 * 315 *
278 * Inst package .... 316 * Inst package ....
@@ -297,6 +335,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
297 if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){ 335 if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){
298 spc++; 336 spc++;
299 if(verbose) printf("*"); 337 if(verbose) printf("*");
338 (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]);
339 } else {
340 (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]);
300 } 341 }
301 if(verbose){ 342 if(verbose){
302 printf("*%s\n", chld_out.line[i]); 343 printf("*%s\n", chld_out.line[i]);
@@ -330,7 +371,7 @@ int run_update(void){
330 struct output chld_out, chld_err; 371 struct output chld_out, chld_err;
331 char *cmdline; 372 char *cmdline;
332 373
333 /* run the upgrade */ 374 /* run the update */
334 cmdline = construct_cmdline(NO_UPGRADE, update_opts); 375 cmdline = construct_cmdline(NO_UPGRADE, update_opts);
335 result = np_runcmd(cmdline, &chld_out, &chld_err, 0); 376 result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
336 /* apt-get update changes exit status if it can't fetch packages. 377 /* apt-get update changes exit status if it can't fetch packages.
@@ -363,6 +404,31 @@ int run_update(void){
363 return result; 404 return result;
364} 405}
365 406
407char* pkg_name(char *line){
408 char *start=NULL, *space=NULL, *pkg=NULL;
409 int len=0;
410
411 start = line + strlen(PKGINST_PREFIX);
412 len = strlen(start);
413
414 space = index(start, ' ');
415 if(space!=NULL){
416 len = space - start;
417 }
418
419 pkg=malloc(sizeof(char)*(len+1));
420 if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n");
421
422 strncpy(pkg, start, len);
423 pkg[len]='\0';
424
425 return pkg;
426}
427
428int cmpstringp(const void *p1, const void *p2){
429 return strcmp(* (char * const *) p1, * (char * const *) p2);
430}
431
366char* add_to_regexp(char *expr, const char *next){ 432char* add_to_regexp(char *expr, const char *next){
367 char *re=NULL; 433 char *re=NULL;
368 434
@@ -435,18 +501,11 @@ print_help (void)
435 501
436 printf(UT_PLUG_TIMEOUT, timeout_interval); 502 printf(UT_PLUG_TIMEOUT, timeout_interval);
437 503
438 printf (" %s\n", "-U, --upgrade=OPTS"); 504 printf (" %s\n", "-n, --no-upgrade");
439 printf (" %s\n", _("[Default] Perform an upgrade. If an optional OPTS argument is provided,"));
440 printf (" %s\n", _("apt-get will be run with these command line options instead of the"));
441 printf (" %s", _("default "));
442 printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
443 printf (" %s\n", _("Note that you may be required to have root privileges if you do not use"));
444 printf (" %s\n", _("the default options."));
445 printf (" %s\n", "-d, --dist-upgrade=OPTS");
446 printf (" %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
447 printf (" %s\n", _("can be provided to override the default options."));
448 printf (" %s\n", " -n, --no-upgrade");
449 printf (" %s\n", _("Do not run the upgrade. Probably not useful (without -u at least).")); 505 printf (" %s\n", _("Do not run the upgrade. Probably not useful (without -u at least)."));
506 printf (" %s\n", "-l, --list");
507 printf (" %s\n", _("List packages available for upgrade. Packages are printed sorted by"));
508 printf (" %s\n", _("name with security packages listed first."));
450 printf (" %s\n", "-i, --include=REGEXP"); 509 printf (" %s\n", "-i, --include=REGEXP");
451 printf (" %s\n", _("Include only packages matching REGEXP. Can be specified multiple times")); 510 printf (" %s\n", _("Include only packages matching REGEXP. Can be specified multiple times"));
452 printf (" %s\n", _("the values will be combined together. Any packages matching this list")); 511 printf (" %s\n", _("the values will be combined together. Any packages matching this list"));
@@ -461,9 +520,16 @@ print_help (void)
461 printf (" %s\n", _("this REGEXP, the plugin will return CRITICAL status. Can be specified")); 520 printf (" %s\n", _("this REGEXP, the plugin will return CRITICAL status. Can be specified"));
462 printf (" %s\n", _("multiple times like above. Default is a regexp matching security")); 521 printf (" %s\n", _("multiple times like above. Default is a regexp matching security"));
463 printf (" %s\n", _("upgrades for Debian and Ubuntu:")); 522 printf (" %s\n", _("upgrades for Debian and Ubuntu:"));
464 printf (" \t\%s\n", SECURITY_RE); 523 printf (" \t%s\n", SECURITY_RE);
465 printf (" %s\n", _("Note that the package must first match the include list before its")); 524 printf (" %s\n", _("Note that the package must first match the include list before its"));
466 printf (" %s\n\n", _("information is compared against the critical list.")); 525 printf (" %s\n", _("information is compared against the critical list."));
526 printf (" %s\n", "-o, --only-critical");
527 printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number"));
528 printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
529 printf (" %s\n", _("the plugin to return WARNING status."));
530 printf (" %s\n", "-w, --packages-warning");
531 printf (" %s\n", _("Minimum number of packages available for upgrade to return WARNING status."));
532 printf (" %s\n\n", _("Default is 1 package."));
467 533
468 printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); 534 printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
469 printf (" %s\n", "-u, --update=OPTS"); 535 printf (" %s\n", "-u, --update=OPTS");
@@ -471,6 +537,16 @@ print_help (void)
471 printf (" %s\n", _("the default options. Note: you may also need to adjust the global")); 537 printf (" %s\n", _("the default options. Note: you may also need to adjust the global"));
472 printf (" %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get")); 538 printf (" %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get"));
473 printf (" %s\n", _("upgrade is expected to take longer than the default timeout.")); 539 printf (" %s\n", _("upgrade is expected to take longer than the default timeout."));
540 printf (" %s\n", "-U, --upgrade=OPTS");
541 printf (" %s\n", _("Perform an upgrade. If an optional OPTS argument is provided,"));
542 printf (" %s\n", _("apt-get will be run with these command line options instead of the"));
543 printf (" %s", _("default "));
544 printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
545 printf (" %s\n", _("Note that you may be required to have root privileges if you do not use"));
546 printf (" %s\n", _("the default options, which will only run a simulation and NOT perform the upgrade"));
547 printf (" %s\n", "-d, --dist-upgrade=OPTS");
548 printf (" %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
549 printf (" %s\n", _("can be provided to override the default options."));
474 550
475 printf(UT_SUPPORT); 551 printf(UT_SUPPORT);
476} 552}
@@ -481,5 +557,5 @@ void
481print_usage(void) 557print_usage(void)
482{ 558{
483 printf ("%s\n", _("Usage:")); 559 printf ("%s\n", _("Usage:"));
484 printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname); 560 printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout] [-w packages-warning]\n", progname);
485} 561}