#!/usr/bin/perl -w # nagios: -epn # # check_zypper - nagios plugin # # Copyright (C) 2008, Novell, Inc. # Author: Lars Vogdt # # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # * Neither the name of the Novell nor the names of its contributors may be # used to endorse or promote products derived from this software without # specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # $Id$ # use strict; use warnings; use Getopt::Long; use vars qw($PROGNAME $VERSION $DEBUG); # cleanup the environment $ENV{'PATH'}='/bin:/usr/bin:/sbin:/usr/sbin:'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; # constants $PROGNAME="check_zypper"; $VERSION="1.01"; $DEBUG = 0; # variables our $zypper="/usr/bin/zypper"; our $zypperopt="--non-interactive --no-gpg-checks xml-updates"; our $sudo="/usr/bin/sudo"; our $refresh_wrapper="/usr/sbin/zypp-refresh-wrapper"; our $use_sudo="unset LANG; "; our $releasefile="/etc/SuSE-release"; our $release="11.0"; our $dist="openSUSE"; our $patchlevel=0; our ($opt_V, $opt_h, $opt_i, $opt_H, $opt_w, $opt_c, $opt_f, $opt_o, $opt_p, $opt_r, $opt_s, $opt_t, $opt_v); our $exitcode=0; our %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); our %REVERSE=(4=>'DEPENDENT',3=>'UNKNOWN',2=>'CRITICAL',1=>'WARNING',0=>'OK'); our $TIMEOUT=120; our @patchignore=(); our @packageignore=(); $opt_H=""; $opt_w="recommended,optional"; $opt_c="security"; $opt_f="$releasefile"; $opt_t="120"; $opt_v=0; $opt_o=0; $opt_p=1; $opt_s=0; ####################################################################### # Functions ####################################################################### sub print_myrevision ($$) { my $commandName = shift; my $pluginRevision = shift; print "$commandName v$pluginRevision\n"; } sub mysupport () { print "Please use https://bugzilla.novell.com to submit patches or suggest improvements.\n"; print "Please include version information with all correspondence (when possible,\n"; print "use output from the --version option of the plugin itself).\n"; } sub usage ($) { my $format=shift; printf($format,@_); exit $ERRORS{'UNKNOWN'}; } sub get_distribution($){ my $file=shift || "$releasefile"; open(RELEASE,"<$file") || warn ("Could not open $file\n"); while (){ if (/^SUSE Linux Enterprise/){ $dist="SLE"; } if (/^VERSION/){ ( $release ) = $_ =~ m/VERSION = (.*)/; } if (/^PATCHLEVEL/){ ( $patchlevel ) = $_ =~ m/PATCHLEVEL = (.*)/; } } close(RELEASE); print STDERR "INFO: $dist,$release,$patchlevel\n" if ($DEBUG); return($dist,$release,$patchlevel); } sub print_usage () { print "This plugin checks for software updates on systems that use package\n"; print "management systems based on the zypper command found in openSUSE.\n\n"; print "It checks for security, recommended and optional patches and also for\n"; print "optional package updates.\n\n"; print "You can define the status by patch category. Use a commata to list more\n"; print "than one category to a state. Possible values are recommended,optional,security\n"; print "and packages\n\n"; print "If you like to know the names of available patches and packages, use\n"; print "the \"-v\" option.\n\n"; print "Usage:\n"; print " $PROGNAME [-w ] [-c ] [-t ] [-v]\n"; print " $PROGNAME [-h | --help]\n"; print " $PROGNAME [-V | --version]\n"; print "\n\nOptions:\n"; print " -c, --critical\n"; print " A patch with this category result in critical status.\n"; print " Default: $opt_c\n"; print " -f, --releasefile\n"; print " Use the given file to get informations about the distribution.\n"; print " Default: $releasefile\n"; print " -h, --help\n"; print " Print detailed help screen\n"; print " -i, --ignore \n"; print " Ignore patches/packages that are mentioned in \n"; print " Just list one patch/package per line - example:\n\n"; print " patch:libtiff-devel\n"; print " # comment\n"; print " package:libtiff3\n"; print " package:libtiff-devel\n\n"; print " -o, --ignore_outdated\n"; print " Don't warn if a repository is outdated.\n"; print " -p, --no_perfdata\n"; print " Print no perfdata\n"; print " -r, --refresh_repos\n"; print " Tries to refresh the repositories before checking for updates.\n"; print " Note: this maybe needs an entry in /etc/sudoers like:\n"; print " nagios ALL = NOPASSWD: /usr/bin/zypper ref\n"; print " (and additional lines for the \'-s\' Option) if no check-zypp-wrapper is available.\n"; print " -s, --use_sudo\n"; print " Zypper needs root privileges on some distributions (known: 10.1 and SLE10).\n"; print " You can enable the script to use $sudo to start zypper.\n"; print " But don't forget to enable nopasswd sudo for the user starting $PROGNAME\n"; print " Via lines like the two below on in /etc/sudoers:\n"; print " nagios ALL = NOPASSWD: /usr/bin/zypper sl, \\ \n"; print " /usr/bin/zypper $zypperopt\n"; print " -t, --timeout\n"; print " Just in case of problems, let's not hang Nagios and define a timeout.\n"; print " Default value is: $opt_t seconds\n"; print " -v, --verbose_output\n"; print " Print more information (useful only with Nagios v3.x).\n"; print " -w, --warning\n"; print " A patch with this category result in warning status.\n"; print " Default: $opt_w\n"; print "\n"; print " -V, --version\n"; print " Print version information\n"; } sub print_help { my $exit=shift || undef; print "Copyright (c) 2009, Novell, Inc.\n\n"; print_usage(); print "\n"; mysupport(); exit $exit if (defined($exit)); } sub check_zypper(){ if ( -x "$zypper" ){ print STDERR "INFO: Trying $use_sudo $zypper sl 2>/dev/null 1>&2\n" if ( $DEBUG ); return (system("$use_sudo $zypper sl 2>/dev/null 1>&2")); } else { return 1; } } sub refresh_zypper(){ if ( -x $refresh_wrapper ){ print STDERR "Trying: $refresh_wrapper 2>/dev/null 1>&2\n" if ( $DEBUG ); return (system("$refresh_wrapper 2>/dev/null 1>&2")); } if ( -x "$zypper" ){ print STDERR "Trying: $sudo $zypper ref 2>/dev/null 1>&2\n" if ( $DEBUG ); my $res=system("$sudo $zypper ref 2>/dev/null 1>&2"); if (( "$release" eq "10.2" ) || ("$dist" eq "SLE")){ return 0 if ( $res ); } else { return $res } } else { return 1; } } sub check_errorcode($){ my $status=shift || ""; my $level=0; my $returnvalue="OK"; $returnvalue="WARNING" if ("$opt_w" =~ /$status/); $returnvalue="CRITICAL" if ("$opt_c" =~ /$status/); $level=$ERRORS{"$returnvalue"}; $exitcode=$level if ( $level gt $exitcode); $returnvalue=$REVERSE{"$exitcode"}; return "$returnvalue"; } sub check(){ my ($status,$ret_str,$error); my $secstr=""; my $recstr=""; my $optstr=""; my $pacstr=""; my $seccount=0; my $reccount=0; my $optcount=0; my $paccount=0; my $update_avail=0; my %packagelist; print STDERR "INFO: Trying $use_sudo $zypper $zypperopt\n" if ($DEBUG); if (open (FH, "$use_sudo $zypper $zypperopt 2>&1 |")) { while(){ chomp; my $category="unknown"; print STDERR "LINE: $_\n" if ($DEBUG); # error handling return("UNKNOWN: $_","UNKNOWN") if (/not found on medium/); return("UNKNOWN: $_","UNKNOWN") if (/I\/O error: Can't provide/); return("UNKNOWN: $_","UNKNOWN") if (/Error message:/); return("UNKNOWN: $_","UNKNOWN") if (/A ZYpp transaction is already in progress./); return("UNKNOWN: $_","UNKNOWN") if (/System management is locked/); if ((/out-of-date/)&&(!$opt_o)){ $error="WARNING"; $exitcode=1; $ret_str="WARNING: At least one of your Repositories is out of date. Please run \"zypper refresh\" as root to update it. "; $ret_str.="\n" if ($opt_v); } if (( "$release" eq "10.2" ) || ("$dist" eq "SLE") ){ my ($url,$name,$version,$category,$status)=split('\s*\|\s*',$_,5); # just for reference - perhaps we need the variables later if (defined($name)){ if (grep {/$name/} @patchignore){ print STDERR "WARNING: ignoring $name as it is in \@patchignore\n" if ($DEBUG); next; } } if (/\|\s*optional\s*\|\s*Needed/) { $category="optional"; $optcount++; } if (/\|\s*recommended\s*\|\s*Needed/){ $category="recommended"; $reccount++; } if (/\|\s*security\s*\|\s*Needed/){ $category="security"; $seccount++; } $packagelist{"$category"}{"$name"}{'category'}="$category" if defined($category); $packagelist{"$category"}{"$name"}{'status'}="$status" if defined($status); $packagelist{"$category"}{"$name"}{'name'}="$name" if defined($name); } else { if (/Dump([\%packagelist]); } if ("$paccount" ne "0"){ $update_avail=1; $error=check_errorcode("packages"); $pacstr="$paccount package update(s);"; } if ("$optcount" ne "0"){ $update_avail=1; $error=check_errorcode("optional"); $optstr="$optcount optinal update(s);"; } if ("$reccount" ne "0"){ $update_avail=1; $error=check_errorcode("recommended"); $recstr="$reccount recommended update(s);"; } if ("$seccount" ne "0"){ $update_avail=1; $error=check_errorcode("security"); $secstr="$seccount security update(s);"; } if ( $update_avail ){ $ret_str.="$error : $secstr $recstr $optstr $pacstr "; my @packagelist=(); if ( $opt_v ){ foreach my $cat ('security','recommended','optional','package'){ for my $key (sort(keys %packagelist)){ if ( "$key" eq "$cat"){ for my $name (sort(keys %{$packagelist{$key}})){ if ( "$cat" eq "package"){ push @packagelist, $packagelist{$key}{$name}{'name'}; } else { $ret_str.="\n$cat patch: ".$packagelist{$key}{$name}{'name'}; } } } } } $ret_str.="\npackages: ".join(' ',@packagelist) if @packagelist; $ret_str.="\nIgnored Patches : ".join(' ',@patchignore)." " if @patchignore; $ret_str.="\nIgnored Packages: ".join(' ',@packageignore)." " if @packageignore; } } else { $error="OK"; $ret_str="OK: no updates available "; if ( $opt_v ){ $ret_str.="\nIgnored Patches : ".join(' ',@patchignore)." " if @patchignore; $ret_str.="\nIgnored Packages: ".join(' ',@packageignore)." " if @packageignore; } } $ret_str.="| security=".$seccount.";;;; recommended=".$reccount.";;;; optional=".$optcount.";;;; packages=".$paccount.";;;;\n" if ($opt_p); } close(FH); return("$ret_str","$error"); } ####################################################################### # Main ####################################################################### Getopt::Long::Configure('bundling'); GetOptions( "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, "i=s" => \$opt_i, "ignore=s" => \$opt_i, "H=s" => \$opt_H, "hostname" => \$opt_H, "w=s" => \$opt_w, "warning=s" => \$opt_w, "c=s" => \$opt_c, "critical=s" => \$opt_c, "f=s" => \$opt_f, "releasefile=s" => \$opt_f, "o" => \$opt_o, "ignore_outdated" => \$opt_o, "p:0" => \$opt_p, "no_perfdata:0" => \$opt_p, "r" => \$opt_r, "refresh_repos" => \$opt_r, "t=i" => \$opt_t, "timeout=i" => \$opt_t, "v" => \$opt_v, "verbose_output" => \$opt_v, "s" => \$opt_s, "use_sudo" => \$opt_s) or print_help(2); $TIMEOUT=$opt_t if ($opt_t); # Just in case of problems, let's not hang Nagios $SIG{'ALRM'} = sub { print "UNKNOWN - Plugin timed out\n"; exit $ERRORS{"UNKNOWN"}; }; alarm($TIMEOUT); if ($opt_V) { print_myrevision($PROGNAME,"$VERSION"); exit $ERRORS{'OK'}; } if (! $opt_H) { $opt_H=$ENV{'HOSTNAME'}; } ($dist,$release,$patchlevel)=get_distribution("$opt_f"); if ("$release" eq "10.2"){ $zypperopt="--non-interactive --no-gpg-checks list-updates"; } if ("$release" eq "11.1"){ $zypperopt="--xmlout list-updates -t package -t patch"; } if ("$dist" eq "SLE"){ if (("$release" eq "10") && ($patchlevel gt 0)){ $zypperopt="--non-interactive --no-gpg-checks --terse list-updates"; } elsif ("$release" eq "11"){ $zypperopt="--xmlout list-updates -t package -t patch"; } else { print "UNKNOWN - SLE $release is currently not supported\n"; exit $ERRORS{"UNKNOWN"}; } } $use_sudo.="$sudo" if ($opt_s); if ($opt_h) { print_help(); exit $ERRORS{'OK'}; } if ($opt_i){ if (! -r "$opt_i" ){ print "Updates CRITICAL - can't find file '$opt_i' - perhaps you should not use option '-i'?\n"; exit $ERRORS{"CRITICAL"}; } else { open(IGNORES,"<$opt_i") or die "Could not open $opt_i: $!\n"; print "INFO: Ignoring the following patches/packages:\n" if ($DEBUG); while(){ next if /^#/; next if /^\s*$/; chomp; if (/^patch:/){ my ($foo,$toadd)=split(':', $_, 2 ); $foo=~ s/\s*//; print "INFO: + Patch : $toadd\n" if ($DEBUG); push @patchignore,$toadd; } elsif (/^package:/){ my ($foo,$toadd)=split(':', $_, 2 ); $foo=~ s/\s*//; print "INFO: + Package: $toadd\n" if ($DEBUG); push @packageignore,$toadd; } } close(IGNORES); } } if ($opt_r){ if ( refresh_zypper() ){ print "Updates UNKNWON - system does not allow to refresh the repositories\n"; exit $ERRORS{"UNKNOWN"}; } } alarm(0); if ( check_zypper() ){ print "Updates UNKNOWN - system does not allow to execute zypper\n"; exit $ERRORS{"UNKNOWN"}; } else { my ($ret_str,$error)=check(); print "Updates $ret_str"; print STDERR "INFO: Exit-Code: ".$exitcode."\n" if ($DEBUG); exit $exitcode; }