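#!/usr/bin/perl -wT
#######################################################################
# aptwatcher.pl
# $Author: harpo $ $Revision: 1.3 $ $Date: 2001/04/24 08:13:35 $
# check to see if apt thinks there are new packages
# to be installed
#
# If you're using the "stable" distribution, put
# this line in /etc/apt/sources.list
#   http://security.debian.org/debian-security stable/updates main contrib non-free
# and then run aptwatcher nightly from cron and it'll tell
# you when there are security updates to be performed.
#
# Basic Plan:
# 1) apt-get update
# 2) run "apt-get dist-upgrade" in "simulation" mode
#    to see if it wants to upgrade any packages
#
# Failure behaviour: anything that stops the check from completing is
# reported on STDERR (which cron mails to the job owner), so that a
# broken check is not mistaken for "no updates pending".
#######################################################################

use strict;
use warnings;

#######################################################################
# configuration section
#######################################################################

# commands
# (hard-coded constants, so they are untainted; keep them that way --
#  both are handed to a shell / exec below)
my $AptUpdate  = "/usr/bin/apt-get update";
my $AptUpgrade = "/usr/bin/apt-get -qq -s -u dist-upgrade";

# how many times to try before giving up
my $MaxUpdateTries = 5;

# where to find sendmail
my $sendmail = "/usr/sbin/sendmail -t";

# who gets the report
my $mailto = "sysadmin\@localhost";
#my $mailto = "sysadmin";

# insert this to make filtering easier
# (comment out this line to skip it entirely)
my $header = "X-NETOPS: aptwatcher";

#######################################################################
# don't touch stuff below here
#######################################################################

# set $PATH since we run under TAINT mode, see "man perltaint" for more
$ENV{PATH} = "/usr/bin:/usr/sbin:/bin:/sbin";

# perlsec also recommends dropping the other variables a shell honours;
# if one of them is set, taint mode refuses to run the commands below.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 1) refresh the package lists, retrying a few times on failure
my $tries = 0;
my $done  = 0;
while (($tries < $MaxUpdateTries) and not $done) {
    $done = 1 if (system("$AptUpdate > /dev/null") == 0);
    $tries++;
}

# if not $done, we've run out of tries
die "Update command \"$AptUpdate\" failed; I tried $MaxUpdateTries times!"
    unless $done;

# 2) ask apt what a dist-upgrade would do (simulation only)
open(my $apt, '-|', $AptUpgrade)
    or die "Can't run \"$AptUpgrade\": $!";

my @install;
my @configure;
my @remove;
my @unknown;
my %install;

while (my $line = <$apt>) {
    chomp($line);
    my ($action, $pkg) = split(/ /, $line);

    if (!defined $action or !defined $pkg) {
        # blank line or an action without a package name: report it
        # verbatim instead of comparing undef values
        push @unknown, $line;
    }
    elsif ($action eq "Conf") {
        # decrease verbosity; obviously something which needs
        # to be installed also needs to be configured
        push @configure, $pkg unless exists $install{$pkg};
    }
    elsif ($action eq "Inst") {
        push @install, $pkg;
        # value unimportant; just make sure the hash key exists
        # (see the "Conf" case)
        $install{$pkg} = 1;
    }
    elsif ($action eq "Remv") {
        push @remove, $pkg;
    }
    else {
        push @unknown, $line;
    }
}

# close() on a pipe returns false when the command exited non-zero.
# Only warn: whatever was parsed is still worth reporting, and the
# warning reaches the admin through cron.
close($apt)
    or warn "\"$AptUpgrade\" did not finish cleanly: "
          . ($! ? "close failed: $!" : "exit status $?") . "\n";

# if no packages, we're done
# (test the element count, not $#array: the last index of a one-element
#  list is 0, so a single pending update used to be dropped silently)
exit unless (@configure or @install or @remove or @unknown);

# the command output ends in a newline; keep the Subject on one line
my $hostname = `hostname --fqdn`;
$hostname = '' unless defined $hostname;
$hostname =~ s/[\r\n]+//g;
$hostname = 'unknown-host' if $hostname eq '';

open(my $mail, '|-', $sendmail)
    or die "Can't run \"$sendmail\": $!";

print $mail "To: $mailto\n";
print $mail "Subject: $hostname apt report\n";
print $mail "$header\n" if defined $header;

# end of headers
print $mail "\n\n";

print $mail "According to \"$AptUpgrade\":\n\n";

if (@remove) {
    my $count = scalar(@remove);
    print $mail "The following $count packages should be removed:\n";
    foreach my $pkg (@remove) {
        print $mail "  $pkg\n";
    }
    print $mail "\n";
}

if (@install) {
    my $count = scalar(@install);
    print $mail "The following $count packages should be installed:\n";
    foreach my $pkg (@install) {
        print $mail "  $pkg\n";
    }
    print $mail "\n";
}

if (@configure) {
    my $count = scalar(@configure);
    print $mail "The following $count packages should be configured:\n";
    foreach my $pkg (@configure) {
        print $mail "  $pkg\n";
    }
}

if (@unknown) {
    my $count = scalar(@unknown);
    print $mail "WARNING :: POSSIBLE SCRIPT ERROR\n";
    print $mail "I didn't understand the following $count messages:\n";
    foreach my $msg (@unknown) {
        print $mail "  $msg\n";
    }
}

print $mail "-- End of report.\n";

# buffered write errors and a failing sendmail only show up at close
close($mail)
    or die "\"$sendmail\" failed, report not delivered: "
         . ($! ? "close failed: $!" : "exit status $?") . "\n";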