Ever had one of those days? You just arrived at work, haven’t yet had your first coffee, and some customers are calling or maybe your boss is standing in your office, asking you about the newest published security issues in e.g. kernel modules, OpenSSH, OpenSSL… whatever… certainly the question if and maybe why we are still affected by this bug is in sight. And maybe why you don’t know about it yet… You definitely don’t like days like this
So this is an approach to prepare you for such situations.
First of all, you need this bash script in /etc/cron.hourly/check-for-updates.
In this state it only supports Debian operating systems. Feel free to add other versions.
#!/bin/bash APTCHECK=`/usr/lib/update-notifier/apt-check 2>&1` if [ "$APTCHECK" == "0;0" ] ; then echo 0 > /var/tmp/updatestatus.txt exit 0 fi echo 1 > /var/tmp/updatestatus.txt
The script creates a file
/var/tmp/updatestatus.txt with content
1 if updates are available.
0 if not.
You also have to extend your snmpd configuration
/etc/snmpd/snmpd.conf with this entry. Reloading snmpd is required!
extend update /bin/cat /var/tmp/updatestatus.txt
Certainly you also need a service definition in ‘’’/etc/poller-configuration.xml’’’.
<service name="Update" interval="300000" user-defined="true" status="on"> <parameter key="retry" value="1"/> <parameter key="timeout" value="3000"/> <parameter key="port" value="161"/> <parameter key="oid" value=".184.108.40.206.4.1.8072.1.3.2.220.127.116.11.18.104.22.168.116.101.1"/> <parameter key="operator" value="<"/> <parameter key="operand" value="1"/> </service> <monitor service="Update" class-name="org.opennms.netmgt.poller.monitors.SnmpMonitor"/>
Finally assign the service
Update to your Debian nodes. And that’s it. The service will go down, if updates are available!
Depending on your environment size and structure it could be a good idea to create a service detectors for both services. One way or the other be careful with these pollers. For the first time you could create a lot of work…