icinga2-checks/check_apt_critical.sh

58 lines
2.0 KiB
Bash
Executable File

#!/bin/bash
# https://github.com/nagios-plugins/nagios-plugins/blob/master/plugins/check_apt.c
usage() {
echo "usage: check_apt_critical.sh [-h] [--warn WARN] [--crit CRIT]
options:
-h, --help Show this help message and exit.
--warn WARN The number of critical updates needed to trigger WARNING.
--crit CRIT The number of critical updates needed to trigger CRITICAL.
If --warn or --crit is not provided, any number of updates will trigger CRITICAL."
exit 1
}
WARN_LEVEL=0
CRIT_LEVEL=0
while [ "$1" != "" ]; do
case $1 in
--warn ) shift
WARN_LEVEL=$1
;;
--crit ) shift
CRIT_LEVEL=$1
;;
* ) usage
esac
shift
done
CRITICAL_RE='^Inst [^\(]*\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'
APT_PATH=$(which apt-get)
CRITICAL_UPDATES=$($APT_PATH --just-print upgrade -o 'Debug::NoLocking=true' -s -qq | grep -oE "$CRITICAL_RE" )
NUM_CRIT_UPDATES=$(echo "$CRITICAL_UPDATES" | wc -l)
if [[ $NUM_CRIT_UPDATES -eq 0 ]]; then
echo "OK - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
exit 0
fi
if [[ $CRIT_LEVEL -gt 0 ]] || [[ $WARN_LEVEL -gt 0 ]]; then
# Only use the levels if the user has set one of them.
if [[ $CRIT_LEVEL -gt 0 ]] && [[ $NUM_CRIT_UPDATES -ge $CRIT_LEVEL ]]; then
# If the crit level is 0, that means the user has only set the --warn flag. We'll just ignore the crit level since that's what they did.
echo "CRITICAL - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
exit 2
elif [[ $NUM_CRIT_UPDATES -ge $WARN_LEVEL ]]; then
echo "WARNING - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
exit 1
else
echo "OK - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
exit 0
fi
else
echo "CRITICAL - $NUM_CRIT_UPDATES critical updates available. | critical_updates=$NUM_CRIT_UPDATES"
exit 2
fi