X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-running-kernel;h=467c219aecbae7265a78ba1450fc5782b8187fb2;hb=4b93c82f0bfb726242324294207abf254694b81e;hp=78255f71a55a8f3be19f69ba556290b96c45896b;hpb=f060cd469b7ae31ae606acb249210a9399fdbefe;p=mirror%2Fdsa-nagios.git diff --git a/dsa-nagios-checks/checks/dsa-check-running-kernel b/dsa-nagios-checks/checks/dsa-check-running-kernel index 78255f7..467c219 100755 --- a/dsa-nagios-checks/checks/dsa-check-running-kernel +++ b/dsa-nagios-checks/checks/dsa-check-running-kernel @@ -3,9 +3,10 @@ # Check if the running kernel has the same version string as the on-disk # kernel image. -# Copyright 2008,2009 Peter Palfrader +# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader # Copyright 2009 Stephen Gran -# Copyright 2010 Uli Martens +# Copyright 2010,2012,2013 Uli Martens +# Copyright 2011 Alexander Reichle-Schmehl # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -36,19 +37,19 @@ get_offset() { file="$1" needle="$2" + perl -e ' undef $/; - $i = index(<>, "'"$needle"'"); - if ($i < 0) { - exit 1; - }; - print $i,"\n"' < "$file" + $i = 0; $k=<>; + while (($i = index($k, "'"$needle"'", $i)) >= 0) { + print $i++,"\n"; + }; ' < "$file" } -get_avail_linux() { +get_avail() { # This is wrong, but leaves room for when we have to care for machines running # myfirstunix-image-0.1-dsa-arm - local prefix=linux + local prefix="$1"; shift local kervers=$(uname -r) @@ -56,10 +57,14 @@ get_avail_linux() { # DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where # Debian uses versions of the form 2.6.29-2-amd64 - if [ "${kervers//dsa}" != "$kervers" ]; then - metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/') + if [ "${kervers#2}" != "$kervers" ]; then + if [ "${kervers//dsa}" != "$kervers" ]; then + metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/') + else + metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/') + fi else - metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/') + metavers=$(echo $kervers | sed -r -e 's/^[0-9]+\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/') fi # Attempt to track back to a metapackage failed. bail @@ -90,7 +95,7 @@ get_avail_linux() { local imagename=0 # --no-all-versions show shows only the candidate for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do - if dpkg --compare-versions $vers gt $imagename; then + if dpkg --compare-versions "1.$vers" gt "1.$imagename"; then imagename=$vers fi done @@ -100,7 +105,7 @@ get_avail_linux() { fi if [ "$imagename" != "${prefix}-image-${kervers}" ]; then - if dpkg --compare-versions "$imagename" lt "${prefix}-image-${kervers}"; then + if dpkg --compare-versions 1."$imagename" lt 1."${prefix}-image-${kervers}"; then return 2 fi echo "$imagename" != "${prefix}-image-${kervers}" @@ -108,50 +113,74 @@ get_avail_linux() { fi local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^ Candidate' | awk '{print $2}') - local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^ Installed:' | awk '{print $2}') - - if [ "$availvrs" = "$kernelversion" ]; then - return 0 - fi + local kernelversion + for kernelversion in $(apt-cache policy ${prefix}-image-${kervers} ${prefix}-image-${kervers}-unsigned 2>/dev/null | grep '^ Installed:' | awk '{print $2}' | grep -F -v '(none)' ); do + if [ "$availvrs" = "$kernelversion" ]; then + return 0 + fi + done echo "$kernelversion != $availvrs" return 1 } -get_image_linux() { - local image GZHDR1 GZHDR2 LZHDR off +cat_vmlinux() { + local image header filter hdroff image="$1" + header="$2" + filter="$3" + hdroff="$4" + + get_offset "$image" $header | head -n 5 | while read off; do + (if [ "$off" != 0 ]; then + dd ibs="$((off+hdroff))" skip=1 count=0 + fi && + dd bs=512k) < "$image" 2>/dev/null | $filter 2>/dev/null + done +} - GZHDR1="\x1f\x8b\x08\x00" - GZHDR2="\x1f\x8b\x08\x08" - LZHDR="\x00\x00\x00\x02\xff" +get_image_linux() { + local image - off=`get_offset "$image" $GZHDR1` - [ "$?" != "0" ] && off="-1" - if [ "$off" -eq "-1" ]; then - off=`get_offset "$image" $GZHDR2` - [ "$?" != "0" ] && off="-1" - fi - if [ "$off" -eq "0" ]; then - zcat < "$image" - return - elif [ "$off" -ne "-1" ]; then - (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null - return - fi + image="$1" - off=`get_offset "$image" $LZHDR` - [ "$?" != "0" ] && off="-1" - if [ "$off" -ne "-1" ]; then - (dd ibs="$[off-1]" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | lzcat 2>/dev/null - return - fi + # gzip compressed image + cat_vmlinux "$image" "\x1f\x8b\x08\x00" "zcat" 0 + cat_vmlinux "$image" "\x1f\x8b\x08\x08" "zcat" 0 + # lzma compressed image + cat_vmlinux "$image" "\x00\x00\x00\x02\xff" "xzcat" -1 + cat_vmlinux "$image" "\x00\x00\x00\x04\xff" "xzcat" -1 + # xz compressed image + cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat" 0 echo "ERROR: Unable to extract kernel image." 2>&1 exit 1 } + +freebsd_check_running_version() { + local imagefile="$1"; shift + + local r="$(uname -r)" + local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')" + + local q='@(#)FreeBSD '"$r $v" + + if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then + echo "OK" + else + echo "not OK" + fi +} + +STRINGS=""; +if [ -x "$(which strings)" ]; then + STRINGS="$(which strings)" +elif [ -x "$(which busybox)" -a "$( echo foobar | $(which busybox) strings 2>/dev/null)" = "foobar" ]; then + STRINGS="$(which busybox) strings" +fi + searched="" for on_disk in \ "/boot/vmlinuz-`uname -r`"\ @@ -159,16 +188,26 @@ for on_disk in \ "/boot/kfreebsd-`uname -r`.gz"; do if [ -e "$on_disk" ]; then + if [ -z "$STRINGS" ]; then + echo "UNKNOWN: 'strings' command missing, perhaps install binutils or busybox?" + exit $UNKNOWN + fi if [ "${on_disk/vmlinu}" != "$on_disk" ]; then - on_disk_version="`get_image_linux "$on_disk" | strings | grep 'Linux version' | head -n1`" + on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`" + if [ -x /usr/bin/lsb_release ] ; then + vendor=$(lsb_release -i -s) + if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then + on_disk_version=$( echo $on_disk_version|sed -e "s/ ($vendor [[:alnum:]\.-]\+ [[:alnum:]\.]\+)//") + fi + fi [ -z "$on_disk_version" ] || break - on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`" + on_disk_version="`cat "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`" [ -z "$on_disk_version" ] || break echo "UNKNOWN: Failed to get a version string from image $on_disk" exit $UNKNOWN else - on_disk_version="$(zcat $on_disk | strings | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')" + on_disk_version="$(zcat $on_disk | $STRINGS | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')" fi fi searched="$searched $on_disk" @@ -191,14 +230,25 @@ if [ "$(uname -s)" = "Linux" ]; then exit $WARNING fi - ret="$(get_avail_linux)" + ret="$(get_avail linux)" if [ $? = 1 ]; then echo "WARNING: Kernel needs upgrade [$ret]" exit $WARNING fi else - echo "No support for FreeBSD yet" - exit $OK + image_current=$(freebsd_check_running_version $on_disk) + running_version="`uname -s` `uname -r` `uname -v`" + if [ "$image_current" != "OK" ]; then + approx_time="$(date -d "@`stat -c '%Y' "$on_disk"`" +"%Y-%m-%d %H:%M:%S")" + echo "WARNING: Currently running kernel ($running_version) does not match on disk image (~ $approx_time)" + exit $WARNING; + fi + + ret="$(get_avail linux)" + if [ $? = 1 ]; then + echo "WARNING: Kernel needs upgrade [$ret]" + exit $WARNING + fi fi echo "OK: Running kernel matches on disk image: [$running_version]"