I have to administer several FreeBSD servers and I need to know which servers need updates. Even though I have a poudriere running, I also have a local ports tree on the machines, because they either do not use the poudriere yet (they have not been migrated to it) or there was some reason to have a locally compiled package.
Now I want to know daily which servers need package updates and whether any server has packages with known CVEs. Thus I update the index of the ports tree daily with the following cronjob for root:

    0 3 * * * portsnap -I cron update

I have several "classes" of servers, so I want a separate mail for each class. For each class I have a cronjob like this in my personal crontab (or you could put it on one of your servers):

    0 6 * * 1-5 /usr/local/scripts/check_for_updates.sh class1

The user needs to be able to log into each server with an ssh-key.
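
    #!/bin/sh
    # Mail a per-class report of pending package updates and pkg audit findings.

    # Map the class name given as $1 to its servers and the report recipient.
    case $1 in
        class1)
            SERVERS="server1 server2"
            MAILADDRESS="firstname.lastname@example.org"
            ;;
        class2)
            SERVERS="server3 server4 server5"
            MAILADDRESS="email@example.com"
            ;;
        private)
            SERVERS="privateserver1 privateserver2"
            MAILADDRESS="firstname.lastname@example.org"
            ;;
        *)
            # Unknown or missing class: stop instead of mailing an empty report.
            echo "usage: $0 class1|class2|private" >&2
            exit 1
            ;;
    esac

    TMPFILE=`mktemp`

    for i in $SERVERS; do
        echo "$i:" >> "$TMPFILE"
        # pkg version marks a package with "<" when the installed version is
        # older than the one in the ports index.
        update_count=`ssh "$i" "pkg version" | grep '<' | wc -l`
        if [ $update_count -gt 0 ]; then
            echo "$i needs $update_count updates" >> "$TMPFILE"
            ssh "$i" "pkg version" | grep '<' >> "$TMPFILE"
            echo "" >> "$TMPFILE"
            echo "" >> "$TMPFILE"
            # pkg audit is only run for servers that have pending updates.
            ssh "$i" "pkg audit" >> "$TMPFILE"
        else
            echo "$i needs no updates" >> "$TMPFILE"
        fi
        echo "" >> "$TMPFILE"
        echo "" >> "$TMPFILE"
    done

    mail -s "$1 update status" "$MAILADDRESS" < "$TMPFILE"
    rm "$TMPFILE"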
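
In the script above, a server that ssh cannot reach yields a count of 0 and is reported as "needs no updates", and pkg audit is skipped when no update is pending. The following added example (not part of the original script) shows one way to report a failed check separately and to audit every host; the function names `remote` and `host_status` are hypothetical, and the "is vulnerable" marker in pkg audit output is an assumption.

```sh
#!/bin/sh
# Added example, not the original script. remote() and host_status() are
# hypothetical names.

# Run CMD on HOST. BatchMode and ConnectTimeout keep an unattended cron run
# from hanging on a password prompt or a dead host.
remote() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" "$2"
}

# Print a report for one host.
# Returns 0 = current, 1 = outdated or vulnerable packages, 2 = check failed.
host_status() {
    host=$1
    if ! versions=$(remote "$host" "pkg version"); then
        echo "$host: CHECK FAILED (ssh or pkg error), status unknown"
        return 2
    fi
    # grep -c exits 1 when nothing matches, so its exit status is ignored.
    outdated=$(printf '%s\n' "$versions" | grep -c '<' || true)

    # pkg audit may exit non-zero when it finds problems; ssh itself uses 255.
    audit_rc=0
    audit=$(remote "$host" "pkg audit") || audit_rc=$?
    if [ "$audit_rc" -eq 255 ]; then
        echo "$host: CHECK FAILED (ssh error during pkg audit), status unknown"
        return 2
    fi
    # Assumption: pkg audit marks each affected package with "is vulnerable".
    vulnerable=$(printf '%s\n' "$audit" | grep -c 'is vulnerable' || true)

    echo "$host: $outdated outdated, $vulnerable vulnerable"
    if [ "$outdated" -gt 0 ]; then
        printf '%s\n' "$versions" | grep '<'
    fi
    if [ "$vulnerable" -gt 0 ]; then
        printf '%s\n' "$audit"
    fi
    if [ "$outdated" -gt 0 ] || [ "$vulnerable" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Usage: sh host_status.sh server1 server2 ...
for h in "$@"; do
    host_status "$h" || true
done
```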