5 # checks for obsolete/local and upgradeable packages.
7 # packages for the obsolete/local check can be ignored, by
8 # listing their full name in /etc/nagios/obsolete-packages-ignore
9 # or by having a regex (starting a line with "/") that matches
10 # the packagename in said file.
12 # Takes one optional argument, the location of the ignore file.
15 # Copyright (C) 2008, 2009 Peter Palfrader <peter@palfrader.org>
17 # Permission is hereby granted, free of charge, to any person obtaining
18 # a copy of this software and associated documentation files (the
19 # "Software"), to deal in the Software without restriction, including
20 # without limitation the rights to use, copy, modify, merge, publish,
21 # distribute, sublicense, and/or sell copies of the Software, and to
22 # permit persons to whom the Software is furnished to do so, subject to
23 # the following conditions:
25 # The above copyright notice and this permission notice shall be
26 # included in all copies or substantial portions of the Software.
28 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
29 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
30 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
31 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
32 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
33 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
34 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
41 my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
52 die "code $newexit not defined\n" unless defined $CODE{$newexit};
54 if ($CODE{$newexit} > $CODE{$EXITCODE}) {
62 $ENV{'COLUMNS'} = 1000;
64 open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
71 while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
72 if ($line =~ /Architecture/) { $has_arch = 1; }
77 my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
78 $arch = '' unless $has_arch;
79 $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
82 my $installed = $pkgs{'ii'};
85 my @installed_packages = keys(%$installed);
86 my @cmd = ("apt-cache", "policy", @installed_packages);
88 open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
89 open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
90 open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
93 open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
97 my $candidate_found = 0;
98 while (defined($line = shift @lines)) {
99 if ($line =~ /^([^ ]*):$/) {
100 # when we have multi-arch capable fu, we require that
101 # apt-cache policy output is in the same order as its
104 # We need this, because the output block in apt-cache
105 # policy does not show the arch:
107 # | weasel@stanley:~$ apt-cache policy libedit2:amd64
109 # | Installed: 2.11-20080614-5
110 # | Candidate: 2.11-20080614-5
112 # We replace the package name in the output with the
113 # one we asked for ($pkg:$arch) - but to match this up
114 # sanely we need the order to be correct.
116 # For squeeze systems (no m-a), apt-cache policy output
119 $candidate_found = 0;
121 my $from_list = shift @installed_packages;
122 next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
124 my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
125 my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
127 if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
128 $ma_fix_pkgname eq $from_list) {
129 $pkgname = $from_list;
131 die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
134 } elsif ($line =~ /^ +Installed: (.*)$/) {
135 # etch dpkg -l does not print epochs, so use this info, it's better
136 $installed->{$pkgname}{'installed'} = $1;
137 # initialize security-update
138 $installed->{$pkgname}{'security-update'} = 0;
139 } elsif ($line =~ /^ +Candidate: (.*)$/) {
140 $installed->{$pkgname}{'candidate'} = $1;
141 } elsif ($line =~ / ([^ ]+) [0-9]+/) {
142 # check if the next lines show the sources of our candidate
143 if ($1 eq $installed->{$pkgname}{'candidate'}) {
144 $candidate_found = 1;
146 } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
147 $installed->{$pkgname}{'security-update'} = 1;
148 } elsif ($line =~ /^ +\*\*\*/) {
149 $line = shift @lines;
150 my @l = split(/ +/, $line);
151 $installed->{$pkgname}{'origin'} = $l[2];
152 $candidate_found = 0;
156 my (%current, %obsolete, %outofdate, %security_outofdate);
157 for my $pkgname (keys %$installed) {
158 my $pkg = $installed->{$pkgname};
160 unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
161 $obsolete{$pkgname} = $pkg;
165 if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
166 if ($pkg->{'security-update'}) {
167 $security_outofdate{$pkgname} = $pkg;
169 $outofdate{$pkgname} = $pkg;
173 if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
174 $obsolete{$pkgname} = $pkg;
177 $current{$pkgname} = $pkg;
180 $pkgs{'current'} = \%current;
181 $pkgs{'outofdate'} = \%outofdate;
182 $pkgs{'security_outofdate'} = \%security_outofdate;
183 $pkgs{'obsolete'} = \%obsolete;
188 my ($ignorefiles, $require_file) = @_;
192 for my $ignoreitem (@$ignorefiles) {
193 next if (!$require_file and ! -e $ignoreitem);
196 if (-d $ignoreitem) {
197 opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
198 @filestoopen = readdir(DIR);
201 @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
202 @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
203 @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
204 @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
206 push @filestoopen, $ignoreitem;
209 for my $f (@filestoopen) {
210 open (F, "< $f") or die ("Cannot open $f: $!\n");
220 my ($pkg, $ignores) = @_;
223 for my $ignore (@$ignores) {
225 return 1 if ($ig eq $pkg);
226 if (substr($ig,0,1) eq '/') {
227 substr($ig, 0, 1, '');
229 return 1 if ($pkg =~ /$ig/);
236 my ($packages, $ignores) = @_;
238 my $obs = $packages->{'obsolete'};
241 for my $pkg (keys %$obs) {
242 if (check_ignore($pkg, $ignores)) {
243 $ignored{$pkg} = $obs->{$pkg};
245 $bad{$pkg} = $obs->{$pkg};
248 delete $packages->{'obsolete'};
249 $packages->{'obsolete'} = \%bad;
250 $packages->{'obsolete-ignored'} = \%ignored;
254 my ($fd, $exit) = @_;
255 print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
259 my $ignorefiles = [$IGNORE, $IGNORED];
260 my $ignorefile_userset = 0;
262 usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
263 usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
264 $ignorefile_userset = 1;
265 $ignorefiles = \@ARGV;
268 my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
269 my $packages = get_packages();
271 filter_ignored($packages, $ignores);
276 { 'key' => 'obsolete',
278 'long' => "%d local or obsolete packages: %s",
279 'short' => "%d obs/loc",
280 'perf' => "obs_loc=%d;1;5;0",
281 'status' => 'WARNING' },
282 { 'key' => 'outofdate',
284 'long' => "%d out of date packages: %s",
285 'short' => "%d updates",
286 'perf' => "outdated=%d;1;5;0",
287 'status' => 'WARNING' },
288 { 'key' => 'current',
290 'long' => "%d packages current.",
292 'perf' => "current=%d;;;0",
294 { 'key' => 'obsolete-ignored',
296 'long' => "%d whitelisted local or obsolete packages: %s",
297 'short' => "%d obs/loc(ignored)",
298 'perf' => "obs_ign=%d;;;0",
302 'long' => "%d packages removed but not purged: %s",
304 'perf' => "rm_unprg=%d;;;0",
308 'long' => "%d packages on hold: %s",
310 'perf' => "hold=%d;;;0",
314 'long' => "%d packages requested to be purged but conffiles still installed: %s",
316 'perf' => "prg_conf=%d;1;;0",
317 'status' => 'WARNING' },
318 { 'key' => 'security_outofdate',
320 'long' => "%d packages with outstanding security updates: %s",
321 'short' => "%d security-updates",
322 'perf' => "security_outdated=%d;;1;0",
323 'status' => 'CRITICAL' },
329 for my $form (@reportform) {
330 my $pkgs = $packages->{$form->{'key'}};
331 delete $packages->{$form->{'key'}};
332 my $num = scalar keys %$pkgs;
333 push @perfout, sprintf($form->{'perf'}, $num);
334 next unless ($num > 0);
335 if ($form->{'listpackages'}) {
336 my $list = join(", ", keys %$pkgs);
337 push @longout, sprintf($form->{'long'}, $num, $list);
339 push @longout, sprintf($form->{'long'}, $num);
341 push @shortout, sprintf($form->{'short'}, $num);
342 record($form->{'status'});
344 if (scalar keys %$packages) {
346 unshift @shortout, "unk: ".join(", ", keys %$packages);
347 for my $status (sort {$b cmp $a} keys %$packages) {
348 my $pkgs = $packages->{$status};
349 my $list = join(", ", keys %$pkgs);
350 unshift @longout, "Unknown package status $status: $list";
354 my $shortout = $EXITCODE.": ".join(", ", @shortout);
355 my $longout = join("\n", @longout);
356 my $perfout = "|".join(" ", @perfout);
358 print $shortout,"\n";
362 exit $CODE{$EXITCODE};