For the impatient: [Download check_categorized_updates now]
I’ve been writing a lot of nagios plugins lately, and here’s the newest of the group. After googling around, I wasn’t able to find any nagios plugins that would support checking if, in the list of available packages, there were any that fell under the category of “security updates”. You know, like how PackageKit organizes the security updates.
I also decided to take the script one step further. You can specify required packages with the “-r” flag, and if they are found in the possible updates list, even for a feature enhancement, the plugin will report the system as “critical”. Otherwise, it reports as Warning.
Please do note in using this plugin that I parse out the metadata that yum prints by seeing if the output is greater than three lines. This will most definitely change from place to place. Also, this utility requires yum to be installed and it’s been designed on a RHEL/Fedora system. Updating it to use apt-get or the sun updating mechanism shouldn’t be terribly difficult, though, just a matter of changing the grep patterns.
So if the packages “kernel.x86_64” and “libtiff_x86_64” are available to be updates, and libtiff is a security update, here’s what the various combinations of options will return:
# ./check_updates => Warning
# ./check_updates -s => Critical
…
# yum update libtiff
…
# ./check_updates => Warning
# ./check_updates -s => Warning
# ./check_updates -r kernel.x86_64 => Critical
# ./check_updates -s -r kernel.x86_64 => Critical
…
# yum update kernel
…
# ./check_updates => Ok
# ./check_updates -s => Ok
# ./check_updates -r kernel.x86_64 => Ok
# ./check_updates -s -r kernel.x86_64 => Ok