Script to "centralize" checking for updates on FreeBSD
I have to administrate several FreeBSD servers and I need to know which servers need updates. Even though I have a poudriere running, I also have a local ports tree on the machines because they are either not using the poudriere because they are not migrated to it yet or there was some reason to have a locally compiled package. Now I want to know daily which servers need package updates and if any server has packages that have known CVEs. Thus I update the index of the ports tree daily with the following cronjob for root:
0 3 * * * portsnap -I cron update
I have several “classes” of servers, thus I want mails for every class of server. For each class I have a cronjob like this in my personal crontab (or you could put it on one of your servers):
0 6 * * 1-5 /usr/local/scripts/check_for_updates.sh class1
The user needs to be able to log into each server with an ssh-key.
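```sh
#!/bin/sh
# Usage: check_for_updates.sh <class>

TMPFILE=$(mktemp) || exit 1
# Remove the temporary report file however the script exits
trap 'rm -f "$TMPFILE"' EXIT

case "$1" in
    class1)
        SERVERS="server1 server2"
        MAILADDRESS="my@mailaddress.foo"
        ;;
    class2)
        SERVERS="server3 server4 server5"
        MAILADDRESS="my@mailaddress.foo"
        ;;
    private)
        SERVERS="privateserver1 privateserver2"
        MAILADDRESS="myprivate@mailaddress.foo"
        ;;
    *)
        # Unknown or missing class: no server list and no recipient, so stop
        echo "usage: $0 class1|class2|private" >&2
        exit 1
        ;;
esac

# $SERVERS is left unquoted on purpose so it splits into one host per word
for i in $SERVERS; do
    echo "$i:" >> "$TMPFILE"
    versions=$(ssh "$i" "pkg version")
    # ssh exits with 255 when the connection itself failed
    if [ $? -eq 255 ]; then
        echo "$i could not be reached via ssh" >> "$TMPFILE"
        echo "" >> "$TMPFILE"
        echo "" >> "$TMPFILE"
        continue
    fi
    # Packages older than the version in the ports index are marked with "<"
    outdated=$(echo "$versions" | grep '<')
    update_count=$(echo "$versions" | grep -c '<')
    if [ "$update_count" -gt 0 ]; then
        echo "$i needs $update_count updates" >> "$TMPFILE"
        echo "$outdated" >> "$TMPFILE"
        echo "" >> "$TMPFILE"
        echo "" >> "$TMPFILE"
        # pkg audit is only run for servers that have pending updates
        ssh "$i" "pkg audit" >> "$TMPFILE"
    else
        echo "$i needs no updates" >> "$TMPFILE"
    fi
    echo "" >> "$TMPFILE"
    echo "" >> "$TMPFILE"
done

mail -s "$1 update status" "$MAILADDRESS" < "$TMPFILE"
```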
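The script above needs an SSH key that can log into every server. One way to keep that key from being a general-purpose login is to bind it on each server to a forced command that only permits the two commands the script runs. This is an added example, not part of the original post; the wrapper name and path `pkg_report_only.sh` are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Hypothetical wrapper installed on
# each server as /usr/local/scripts/pkg_report_only.sh (name and path assumed).
# Bind the reporting key to it in ~/.ssh/authorized_keys:
#   command="/usr/local/scripts/pkg_report_only.sh",restrict ssh-ed25519 <public key>

# Map the command the client asked for to a permitted pkg subcommand.
# Only exact matches pass, so "pkg version; sh" or "pkg delete -a" are refused.
allowed_subcommand() {
    case "$1" in
        "pkg version") echo version ;;
        "pkg audit")   echo audit ;;
        *)             return 1 ;;
    esac
}

# sshd passes the client's requested command in SSH_ORIGINAL_COMMAND
# (unset for an interactive login, which is refused as well).
run_forced_command() {
    if sub=$(allowed_subcommand "${SSH_ORIGINAL_COMMAND:-}"); then
        # $sub is one of the literals above, never client-supplied text
        exec pkg "$sub"
    fi
    echo "command not permitted" >&2
    return 1
}

# Dispatch only when invoked under the installed name, so the functions can
# also be sourced or tested without running anything.
case "$0" in
    */pkg_report_only.sh) run_forced_command ;;
esac
```

The cron script needs no change: `ssh $i "pkg version"` and `ssh $i "pkg audit"` still work, while any other command sent with that key is rejected.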
Sunday December 10, 2017