- Repository
- Munin (master)
- Last change
- 2018-12-02
- Graph Categories
- Family
- manual
- Capabilities
- Keywords
- Language
- Perl
- License
- GPL-2.0-only
- Authors
yum
Name
yum - Munin plugin to monitor pending update packages. It will send/show a critical warning, if security updates are pending.
Applicable Systems
Linux distributions that use yum as software package management tool.
Configuration
The plugin will not show up in the Munin website per default as it contains information that is useful for any attacker.
That is done by the following config directive:
# munin-run yum config
graph no
If you have password protected your Munin website and trust your known visitors you can make graph and more information visible by setting the following environment variables in the plugins configuration.
shownames - set to value 1, if you want to see the names of the pending packages in the field ‘pending.extinfo’
showgraph - set to value ‘yes’, if you want the plugins graph to show up in Munin website. Remove or comment the declaration of env.showgraph in plugin-conf.d if you want to hide the plugins graph again.
Example
[yum] env.showgraph yes env.shownames 0
Special Yum Plugin Needed
Package yum-plugin-security is needed as this Munin plugin investigates how many security updates are pending.
Install the package with the command:
# yum install yum-plugin-security
Cronjob
A cronjob has to be run outside of Munin to create and freshen up the plugins statefile with recent info from yum. Therein the plugin is called with the ‘update’ option.
E.g. place a file with the following line in directory /etc/crond.d/:
# Do not start at the same time like munin-cron,
# as both will access the plugins statefile
38 */6 * * * root /usr/sbin/munin-run yum update
Author
Copyright 2006 Dagfinn Ilmari Mannsåker ilmari@lonres.com
Copyright 2014 Gabriele Pohl contact@dipohl.de
License
GPLv2
Magic Markers
#%# family=manual
#%# capabilities=autoconf
#!/usr/bin/perl -w
=encoding utf8
=head1 NAME
yum - Munin plugin to monitor pending update packages.
It will send/show a critical warning, if security updates are pending.
=head1 APPLICABLE SYSTEMS
Linux distributions that use yum as software package management tool.
=head1 CONFIGURATION
The plugin will not show up in the Munin website per default
as it contains information that is useful for any attacker.
That is done by the following config directive:
=over 2
# munin-run yum config
B<graph no>
=back
If you have password protected your Munin website and trust
your known visitors you can make graph and more information
visible by setting the following environment variables in the plugins configuration.
=over 2
shownames - set to value 1, if you want to see the names of the pending packages in the field 'pending.extinfo'
showgraph - set to value 'yes', if you want the plugins graph to show up in Munin website.
Remove or comment the declaration of env.showgraph in plugin-conf.d if you want to
hide the plugins graph again.
=back
B<Example>
=over 2
[yum]
env.showgraph yes
env.shownames 0
=back
=head2 SPECIAL YUM PLUGIN NEEDED
Package yum-plugin-security is needed as this Munin plugin investigates
how many security updates are pending.
Install the package with the command:
# yum install yum-plugin-security
=head2 CRONJOB
A cronjob has to be run outside of Munin to create and freshen up the
plugins statefile with recent info from yum.
Therein the plugin is called with the 'update' option.
E.g. place a file with the following line in directory /etc/crond.d/:
# Do not start at the same time like munin-cron,
# as both will access the plugins statefile
38 */6 * * * root /usr/sbin/munin-run yum update
=head1 AUTHOR
Copyright 2006 Dagfinn Ilmari Mannsåker <ilmari@lonres.com>
Copyright 2014 Gabriele Pohl <contact@dipohl.de>
=head1 LICENSE
GPLv2
=head1 MAGIC MARKERS
#%# family=manual
#%# capabilities=autoconf
=cut
use strict;
my $counter=0;
my $statefile = "$ENV{MUNIN_PLUGSTATE}/yum.state";
sub update {
if (-l $statefile) {
die "$statefile is a symlink, not touching.\n";
}
open my $state, '>', $statefile
or die "Can't open $statefile for writing: $!\n";
# Get number of security updates
open my $yum, '-|', 'yum -q --security list updates'
or die "Can't run 'yum -q --security list updates': $!";
while (<$yum>) {
next unless /^(\S+)\.\S+\s+\S+\s+\S+/;
$counter++;
}
print $state "$counter pending security updates\n";
close $yum or die "Error running 'yum -q --security list updates': $!\n";
open $yum, '-|', 'yum -q list updates'
or die "Can't run 'yum -q list updates': $!";
while (<$yum>) {
next unless /^(\S+)\.\S+\s+\S+\s+\S+/;
print $state "$1\n";
}
close $yum or die "Error running 'yum -q list updates': $!\n";
close $state or die "Error writing $statefile: $!\n";
}
sub autoconf {
if (system('yum --version >/dev/null 2>/dev/null') != 0) {
print "no (Could not run yum)\n";
}
elsif (! -r $statefile) {
print "no (Could not find statefile. Please read 'munindoc yum')\n";
}
else {
print "yes\n";
}
exit 0;
}
sub config {
my $showgraph = exists $ENV{'showgraph'} ? 'yes' : 'no';
print "graph_title Pending Updates\n";
print "graph_category security\n";
print "graph ", $showgraph, "\n";
print "security.label security\n";
print "security.info Number of pending security updates\n";
print "security.draw AREA\n";
print "security.colour COLOUR2\n";
print "security.critical 0\n";
print "pending.label pending\n";
print "pending.info Number of all pending updates (including security updates)\n";
print "pending.draw LINE2\n";
print "pending.warning 20\n";
}
sub report {
my @packages;
open my $state, '<', $statefile
or die "Can't open $statefile for reading: $!
Please read 'munindoc yum' to understand why if the file does not exist.\n";
# read number of security updates in first line
my $line = <$state>;
if ($line =~ /^(\d+) pending security updates$/) {
print 'security.value ', $1, "\n";
} else {
die "Missing info about pending security updates in plugins statefile\n";
}
chomp(@packages = <$state>);
close $state;
print 'pending.value ', scalar(@packages), "\n";
if (exists $ENV{'shownames'}) {
print 'pending.extinfo ', join(' ', @packages), "\n"
if (@packages && ($ENV{'shownames'} eq 1));
}
}
if ($ARGV[0]) {
my $arg = $ARGV[0];
my %funcs = (
update => \&update,
config => \&config,
autoconf => \&autoconf,
);
if (exists $funcs{$arg}) {
$funcs{$arg}->();
} else {
die "Unknown argument '$arg'\n";
}
} else {
report();
}