add check_apt_critical

check_apt_critical.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# https://github.com/nagios-plugins/nagios-plugins/blob/master/plugins/check_apt.c
+
+usage() {
+  echo "usage: check_apt_critical.sh [-h] [--warn WARN] [--crit CRIT]
+
+options:
+  -h, --help            Show this help message and exit.
+  --warn WARN           The number of critical updates needed to trigger WARNING.
+  --crit CRIT           The number of critical updates needed to trigger CRITICAL.
+
+If --warn or --crit is not provided, any number of updates will trigger CRITICAL."
+  exit 1
+}
+
+WARN_LEVEL=0
+CRIT_LEVEL=0
+
+while [ "$1" != "" ]; do
+  case $1 in
+    --warn ) shift
+            WARN_LEVEL=$1
+            ;;
+    --crit ) shift
+             CRIT_LEVEL=$1
+             ;;
+    * ) usage
+  esac
+  shift
+done
+
+CRITICAL_RE='^Inst [^\(]*\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'
+APT_PATH=$(which apt-get)
+CRITICAL_UPDATES=$($APT_PATH --just-print upgrade -o 'Debug::NoLocking=true' -s -qq | grep -oE "$CRITICAL_RE" )
+NUM_CRIT_UPDATES=$(echo "$CRITICAL_UPDATES" | wc -l)
+
+if [[ $NUM_CRIT_UPDATES -eq 0 ]]; then
+  echo "OK - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
+  exit 0
+fi
+
+if [[ $CRIT_LEVEL -gt 0 ]] || [[ $WARN_LEVEL -gt 0 ]]; then
+  # Only use the levels if the user has set one of them.
+  if [[ $NUM_CRIT_UPDATES -ge $CRIT_LEVEL ]]; then
+    echo "CRITICAL - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
+    exit 2
+  elif [[ $NUM_CRIT_UPDATES -ge $WARN_LEVEL ]]; then
+    echo "WARNING - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
+    exit 1
+  else
+      echo "OK - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
+      exit 0
+  fi
+else
+  echo "CRITICAL - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
+  exit 2
+fi