[Qa-jenkins-scm] [jenkins.debian.net] 02/07: de-duplicate dsa-check-packages
Mattia Rizzolo
mattia at debian.org
Sat Apr 7 14:55:36 UTC 2018
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to branch master
in repository jenkins.debian.net.
commit 3ee18b503d95684f4ce6bf49090b34676c350cc0
Author: Mattia Rizzolo <mattia at debian.org>
Date: Sat Apr 7 16:28:19 2018 +0200
de-duplicate dsa-check-packages
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
---
.../bpi0-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../cb3a-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 0
.../ff2a-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../ff2b-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../ff4a-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../hb0-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
hosts/jenkins/usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../p64b-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../p64c-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../usr/local/bin/dsa-check-packages | 362 ---------------------
.../wbd0-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
.../wbq0-armhf-rb/usr/local/bin/dsa-check-packages | 362 ---------------------
52 files changed, 18462 deletions(-)
diff --git a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/bpi0-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/cb3a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/cb3a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/cb3a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/cbxi4a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/cbxi4a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/cbxi4a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/cbxi4b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/cbxi4b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/cbxi4b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/cbxi4pro0-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled10-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled10-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled10-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled11-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled11-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled11-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled12-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled12-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled12-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled13-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled13-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled13-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled14-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled14-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled14-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled15-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled15-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled15-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled16-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled16-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled16-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/codethink-sled9-arm64/usr/local/bin/dsa-check-packages b/hosts/codethink-sled9-arm64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/codethink-sled9-arm64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/bbx15-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/common/usr/local/bin/dsa-check-packages
similarity index 100%
rename from hosts/bbx15-armhf-rb/usr/local/bin/dsa-check-packages
rename to hosts/common/usr/local/bin/dsa-check-packages
diff --git a/hosts/ff2a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/ff2a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/ff2a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/ff2b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/ff2b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/ff2b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/ff4a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/ff4a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/ff4a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/ff64a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/ff64a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/ff64a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/hb0-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages b/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jenkins-test-vm/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jenkins/usr/local/bin/dsa-check-packages b/hosts/jenkins/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jenkins/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jtk1a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/jtk1a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jtk1a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jtk1b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/jtk1b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jtk1b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jtx1a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/jtx1a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jtx1a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jtx1b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/jtx1b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jtx1b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/jtx1c-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/jtx1c-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/jtx1c-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/odu3a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/odu3a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/odu3a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/odxu4a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/odxu4a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/odxu4a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/odxu4b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/odxu4b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/odxu4b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/odxu4c-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/odxu4c-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/odxu4c-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/opi2a-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/opi2a-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/opi2a-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/opi2b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/opi2b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/opi2b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/opi2c-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/opi2c-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/opi2c-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/p64b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/p64b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/p64b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/p64c-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/p64c-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/p64c-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build1-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build10-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build10-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build10-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build11-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build11-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build11-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build12-i386/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build12-i386/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build12-i386/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build15-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build15-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build15-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build16-i386/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build16-i386/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build16-i386/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build2-i386/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build2-i386/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build2-i386/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build3-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build4-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build5-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build7-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build7-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build7-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build9-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build9-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/profitbricks-build9-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/rpi2b-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/rpi2c-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/rpi2c-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/rpi2c-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/wbd0-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages b/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5..0000000
--- a/hosts/wbq0-armhf-rb/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter at palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel at stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git
More information about the Qa-jenkins-scm
mailing list