#!/bin/bash
# Created by Ian Perry 2021-02-24

# Print the command-line help text to stdout.
# Arguments: none
# Outputs:   five lines of usage text
usage() {
    printf '%s\n' \
        " check_updates - Ubuntu Check for System Updates Script" \
        "" \
        " Usage: check_updates [ -d ]" \
        "" \
        "      -d  enable debugging output"
}

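# Debug output is off unless -d is given.
debug=0

# Option parsing. The leading ':' puts getopts in silent mode. Neither option
# takes an argument: the previous optstring ":h:d" declared -h as requiring
# one, so a bare "-h" was reported as a missing-argument error (':') and fell
# through to the catch-all without ever printing the usage text.
while getopts ":hd" myarg "$@"; do
  case "$myarg" in
    h)
      usage
      # 3 is the same status the script uses for its UNKNOWN result.
      exit 3
      ;;
    d)
      debug=1
      ;;
    *)
      # Unknown options are ignored (behaviour kept from the original).
      ;;
  esac
done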

# Print a debug message to stdout, but only when the global `debug` flag
# equals "1" (set by the -d option).
# Globals:   debug (read)
# Arguments: $1 - message text
# Returns:   0 when debugging is off, otherwise the status of echo
dout() {
    [[ $debug == "1" ]] || return 0
    echo "$1"
}

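# Uses a dry run of apt-get upgrade to count the number of security and
# non-security updates. Only lines starting with "Inst" are counted; a line is
# classed as a security update when it mentions "security" (case-insensitive).
# NOTE(review): that match is a heuristic - presumably it keys on the archive
# pocket name in the simulation output; verify against the repositories in use.
# NOTE(review): the simulation works from the local package index and does not
# refresh it, so the counts are only as current as the last "apt-get update".
# Note: Once apt has been updated on all servers to something more stable (i.e. not running outdated on Ubuntu 14.04)
# this should be modified to the following due to proper standards and speed:
# nonSecUpdatesAvail=$(apt list --upgradable --quiet=2 | grep -vi security | wc -l)
# secUpdatesAvail=$(apt list --upgradable --quiet=2 | grep -i security | wc -l)
updatesAvail="$(apt-get upgrade -s --quiet=2 2>&1)"
# Status of the command substitution, i.e. of apt-get itself.
aptStatus=$?

if (( aptStatus == 0 )); then
    # The expansion is quoted on purpose: unquoted, the shell word-splits the
    # output and glob-expands it against the working directory (apt prints
    # versions in square brackets, which are glob patterns).
    secUpdatesAvail=$(grep '^Inst' <<<"$updatesAvail" | grep -ci security)
    nonSecUpdatesAvail=$(grep '^Inst' <<<"$updatesAvail" | grep -vci security)
else
    # Fail closed: when the simulation itself failed, "zero Inst lines" says
    # nothing about the patch state, so the result must not be reported as OK.
    dout "apt-get simulation failed with status $aptStatus:"
    dout "$updatesAvail"
    secUpdatesAvail="unknown"
    nonSecUpdatesAvail="unknown"
fi

dout "Security updates available: $secUpdatesAvail."
dout "Non-Security updates available: $nonSecUpdatesAvail."

rebootRequiredFlag=0 # Default

# Check to see if a reboot is needed.
if [[ -e /var/run/reboot-required ]]; then
    dout "Reboot required."
    rebootRequiredFlag=1
else
    dout "No reboot required."
fi

textString=""
exitStatus=0

# Classify on the security count. Exit status: 0 = OK, 2 = CRITICAL,
# 3 = UNKNOWN. The count is validated as a number first so that arithmetic
# comparison can be used; inside [[ ]] the '>' operator compares strings.
if [[ ! $secUpdatesAvail =~ ^[0-9]+$ ]]; then
    textString+="UNKNOWN - "
    exitStatus=3
elif (( secUpdatesAvail > 0 )); then
    textString+="CRITICAL - "
    exitStatus=2
else
    textString+="OK - "
fi

# A pending reboot is reported in the text but does not change the exit status.
if (( rebootRequiredFlag == 1 )); then
    textString+="REBOOT REQUIRED - "
fi

textString+="Security updates available: $secUpdatesAvail. Non-Security updates available: $nonSecUpdatesAvail."
printf '%s\n' "$textString"
exit "$exitStatus"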
