Script to “centralize” checking for updates on FreeBSD

I have to administrate several FreeBSD-servers and I need to know which servers need updates. Eveen though I have a poudriere running, I also have a local ports-tree on the machines because they are either not using the poudriere because they are not migrated to it yet or there was some reason to have a locally compiled package.
Now I want to know daily which servers need package-updates and if any server has packages that have known CVEs. Thus I update the index of the portstree daily with the following cronjob for root:

0 3 * * * portsnap -I cron updateI have several “classes” of servers, thus I want mails for every class of server. For each class I have a cronjob like this in my personal crontab (or you could put it on one of your servers):
0 6 * * 1-5 /usr/local/scripts/check_for_updates.sh class1The user needs to be able to log into each server with an ssh-key.


#!/bin/sh

TMPFILE=`mktemp`
case $1 in
class1)
SERVERS="server1 server2"
MAILADDRESS="my@mailaddress.foo"
;;
class2)
SERVERS="server3 server4 server5"
MAILADDRESS="my@mailaddress.foo"
;;
private)
SERVERS="privateserver1 privateserver2"
MAILADDRESS="myprivate@mailaddress.foo"
;;
esac

for i in $SERVERS; do
  echo "$i:" >> $TMPFILE
  update_count=`ssh $i "pkg version" | grep \< | wc -l`
  if [ $update_count -gt 0 ]; then
    echo "$i needs $update_count updates" >> $TMPFILE
    ssh $i "pkg version" | grep \< >> $TMPFILE
    echo "" >> $TMPFILE
    echo "" >> $TMPFILE
    ssh $i "pkg audit" >> $TMPFILE
  else
    echo "$i needs no updates" >> $TMPFILE
  fi
  echo "" >> $TMPFILE
  echo "" >> $TMPFILE
done

mail -s "$1 update status" $MAILADDRESS < $TMPFILE
rm $TMPFILE

mail -s "$1 update status" $MAILADDRESS < $TMPFILE
rm $TMPFILE

Leave a Reply

Your email address will not be published. Required fields are marked *

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)