ncc.zabbix_fbsd_templates
ncc.zabbix_fbsd_templates/src/aw.fbsd-mon-helper/lib/pkg.sh
.. v1.r202602.4 * Исправлена ошибка с неверным перенаправлением логов ошибок, приводящая к отправке сообщений не в файл, а в демону cron * Если в результате плохой связности не удалось оюновить базы данных пакетов или аудита, не делаем ничего с имеющимися данными. Это позаоляет не флапать мониторингом на плохих каналах.
| awgur@0 | 1 #!/bin/sh |
| awgur@0 | 2 # Различная статистика по пакетам |
| awgur@0 | 3 |
| awgur@0 | 4 v_pkg_detail_status="$STATE_ROOT/pkg_detail" |
| awgur@15 | 5 v_pkg_detail_status_tmp="${TMP_ROOT}/pkg_detail" |
| awgur@15 | 6 |
| awgur@17 | 7 v_pkg_update_status="${TMP_ROOT}/pkg_update" |
| awgur@25 | 8 v_pkg_update_status_subs="${TMP_ROOT}/pkg_update.subs" |
| awgur@17 | 9 v_pkg_update_status_res="${STATE_ROOT}/pkg_update" |
| awgur@10 | 10 v_pkg_detail_status_list="${TMP_ROOT}/pkg_detail_status_list" |
| awgur@0 | 11 |
| awgur@0 | 12 pkg_init () { |
| awgur@0 | 13 if ! [ -d "$v_pkg_detail_status" ]; then |
| awgur@0 | 14 mkdir -p "$v_pkg_detail_status" |
| awgur@0 | 15 fi |
| awgur@15 | 16 |
| awgur@25 | 17 if ! [ -d "${v_pkg_detail_status_tmp}" ]; then |
| awgur@15 | 18 mkdir -p "${v_pkg_detail_status_tmp}" |
| awgur@15 | 19 fi |
| awgur@15 | 20 |
| awgur@25 | 21 if ! [ -d "${v_pkg_update_status_subs}" ]; then |
| awgur@25 | 22 mkdir -p "${v_pkg_update_status_subs}" |
| awgur@25 | 23 fi |
| awgur@25 | 24 |
| awgur@0 | 25 log "Update pakages" |
| awgur@25 | 26 ( |
| awgur@25 | 27 pkg update 2>&1 |
| awgur@25 | 28 echo $? > "${v_pkg_update_status_subs}/pkg_update" |
| awgur@25 | 29 |
| awgur@25 | 30 ) | log |
| awgur@0 | 31 # Обновление базы аудита происходит на получении общих данных по пакетам |
| awgur@10 | 32 |
| awgur@10 | 33 touch "${v_pkg_detail_status_list}" |
| awgur@10 | 34 } |
| awgur@10 | 35 |
| awgur@21 | 36 |
| awgur@10 | 37 pkg_get_detail_pkg_list () { |
| awgur@11 | 38 local vl_pkg_name |
| awgur@10 | 39 local vl_buf |
| awgur@10 | 40 |
| awgur@10 | 41 cat "${USER_MON_PKG_LIST}" | while read vl_buf; do |
| awgur@11 | 42 vl_pkg_name=$(pkg query '%n' "${vl_buf}") |
| awgur@11 | 43 [ -n "${vl_pkg_fullname}" ] && echo "${vl_pkg_name}" >> "${v_pkg_detail_status_list}" |
| awgur@10 | 44 done |
| awgur@10 | 45 |
| awgur@10 | 46 service -e | awk '$1 ~ "^/usr/local" {print $1}' | while read vl_buf; do |
| awgur@10 | 47 if ! [ -f "$vl_buf" ] ; then |
| awgur@10 | 48 continue |
| awgur@10 | 49 fi |
| awgur@10 | 50 |
| awgur@11 | 51 vl_pkg_name="$(pkg which "$vl_buf" | awk '$0 ~ "was installed by package" {print $6}')" |
| awgur@10 | 52 |
| awgur@11 | 53 if [ -z "$vl_pkg_name" ] ; then |
| awgur@10 | 54 log "$vl_buf have no matched pkg" |
| awgur@10 | 55 continue |
| awgur@10 | 56 fi |
| awgur@10 | 57 |
| awgur@11 | 58 vl_pkg_name="$(pkg query '%n' "$vl_pkg_name")" |
| awgur@11 | 59 |
| awgur@10 | 60 { |
| awgur@11 | 61 echo "${vl_pkg_name}" |
| awgur@11 | 62 pkg query '%rn' "${vl_pkg_name}" |
| awgur@11 | 63 pkg query '%dn' "${vl_pkg_name}" |
| awgur@10 | 64 } >> "${v_pkg_detail_status_list}" |
| awgur@10 | 65 done |
| awgur@0 | 66 } |
| awgur@0 | 67 |
| awgur@21 | 68 |
| awgur@0 | 69 pkg_make_detail () { |
| awgur@11 | 70 local vl_pkg_buf |
| awgur@4 | 71 local vl_pkg_fullname |
| awgur@0 | 72 local vl_pkg_repo |
| awgur@0 | 73 local vl_pkg_name |
| awgur@0 | 74 local vl_pkg_ver |
| awgur@0 | 75 local vl_status_file |
| awgur@15 | 76 local vl_status_tmp_file |
| awgur@0 | 77 local vl_pkg_status |
| awgur@0 | 78 |
| awgur@10 | 79 pkg_get_detail_pkg_list |
| awgur@11 | 80 cat "${v_pkg_detail_status_list}" | sort | uniq | while read vl_pkg_buf; do |
| awgur@11 | 81 log "Working with $vl_pkg_buf" |
| awgur@0 | 82 |
| awgur@11 | 83 vl_pkg_fullname="$(pkg query '%n-%v' "${vl_pkg_buf}")" |
| awgur@23 | 84 |
| awgur@23 | 85 if [ -z "${vl_pkg_fullname}" ] ; then |
| awgur@23 | 86 log_err "${vl_pkg_buf} not found in pkg database" |
| awgur@23 | 87 continue |
| awgur@23 | 88 fi |
| awgur@23 | 89 |
| awgur@10 | 90 vl_pkg_name="$(pkg query '%n' "$vl_pkg_fullname")" |
| awgur@10 | 91 vl_pkg_repo="$(pkg query '%R' "$vl_pkg_fullname")" |
| awgur@10 | 92 vl_pkg_ver="$(pkg query '%v' "$vl_pkg_fullname")" |
| awgur@15 | 93 vl_pkg_status="$(pkg version -r "$vl_pkg_repo" -qUn "$vl_pkg_name" | tail -n 1 | awk '{print $2}')" |
| awgur@0 | 94 |
| awgur@10 | 95 case "$vl_pkg_status" in |
| awgur@10 | 96 = ) |
| awgur@10 | 97 vl_pkg_status=OK |
| awgur@10 | 98 ;; |
| awgur@0 | 99 |
| awgur@10 | 100 "<" ) |
| awgur@10 | 101 vl_pkg_status="NEED UPDATE" |
| awgur@10 | 102 ;; |
| awgur@0 | 103 |
| awgur@10 | 104 ">" ) |
| awgur@10 | 105 vl_pkg_status="REPO VERSION LOWER" |
| awgur@10 | 106 ;; |
| awgur@0 | 107 |
| awgur@10 | 108 "?" ) |
| awgur@10 | 109 vl_pkg_status="NO PACKAGE IN REPO" |
| awgur@10 | 110 ;; |
| awgur@0 | 111 |
| awgur@10 | 112 "!" ) |
| awgur@10 | 113 vl_pkg_status="ERROR" |
| awgur@10 | 114 log_err -s "${vl_pkg_name}: pkg can not compare version of package" |
| awgur@10 | 115 ;; |
| awgur@0 | 116 |
| awgur@10 | 117 * ) |
| awgur@10 | 118 log_err -s "${vl_pkg_name}: unknown status ${vl_pkg_status}" |
| awgur@10 | 119 vl_pkg_status="ERROR" |
| awgur@10 | 120 ;; |
| awgur@0 | 121 |
| awgur@10 | 122 esac |
| awgur@0 | 123 |
| awgur@10 | 124 vl_status_file="${v_pkg_detail_status}/${vl_pkg_name}" |
| awgur@15 | 125 vl_status_tmp_file="${v_pkg_detail_status_tmp}/${vl_pkg_name}" |
| awgur@15 | 126 |
| awgur@10 | 127 pkg query 'installed=%t\nmainteiner=%m\nsize=%sb\nlocked=%k' "$vl_pkg_fullname" \ |
| awgur@15 | 128 > "${vl_status_tmp_file}" |
| awgur@0 | 129 |
| awgur@15 | 130 printf 'ver=%s\nrepo=%s\nstatus=%s\n' "${vl_pkg_ver}" "${vl_pkg_repo}" "${vl_pkg_status}" >> "$vl_status_tmp_file" |
| awgur@15 | 131 |
| awgur@15 | 132 ( |
| awgur@15 | 133 if [ -n "$(pkg audit -q "$vl_pkg_fullname")" ]; then |
| awgur@15 | 134 pkg audit "$vl_pkg_fullname" |
| awgur@15 | 135 fi |
| awgur@15 | 136 ) > "${vl_status_tmp_file}.audit" |
| awgur@15 | 137 |
| awgur@15 | 138 mv -f "${vl_status_tmp_file}" "${vl_status_file}" |
| awgur@15 | 139 mv -f "${vl_status_tmp_file}.audit" "${vl_status_file}.audit" |
| awgur@10 | 140 done |
| awgur@0 | 141 } |
| awgur@0 | 142 |
| awgur@21 | 143 |
| awgur@6 | 144 pkg_check_up_status () { |
| awgur@6 | 145 # Проверка статуса наличия обновления для пакета |
| awgur@7 | 146 local vl_pkg_name |
| awgur@7 | 147 local vl_pkg_repo |
| awgur@6 | 148 |
| awgur@6 | 149 cat /dev/null > "$v_pkg_update_status" |
| awgur@6 | 150 pkg version -qUL = | awk '$2 != ">" {print $1}' | while read _pkg; do |
| awgur@7 | 151 vl_pkg_name="$(pkg query '%n' "${_pkg}")" |
| awgur@7 | 152 vl_pkg_repo="$(pkg query '%R' "${_pkg}")" |
| awgur@8 | 153 log "Check update for ${vl_pkg_name} in ${vl_pkg_repo}" |
| awgur@7 | 154 pkg version -Ur "${vl_pkg_repo}" -n "${vl_pkg_name}" \ |
| awgur@16 | 155 | awk '$2 == "!" || $2 == "<" || $2 == "?" {print $1}' \ |
| awgur@9 | 156 | tee -a "$v_pkg_update_status" \ |
| awgur@9 | 157 | awk '$0 != "" {print "UPDATE STATUS:", $0}' | log |
| awgur@6 | 158 done |
| awgur@8 | 159 |
| awgur@8 | 160 pkg upgrade -Uqn | tee -a "$v_pkg_update_status" | awk '$0 != "" {print "PKG UPGRADE:", $0}' | log |
| awgur@17 | 161 mv -f "$v_pkg_update_status" "$v_pkg_update_status_res" |
| awgur@17 | 162 |
| awgur@6 | 163 } |
| awgur@6 | 164 |
| awgur@21 | 165 |
| awgur@18 | 166 pkg_check_pkg_binary () { |
| awgur@18 | 167 # Проверяет, нет ли в системе других запущенных приложений pkg. |
| awgur@18 | 168 # Необходимо, чтобы не мешать оперативным процессам обновления |
| awgur@18 | 169 |
| awgur@18 | 170 { |
| awgur@18 | 171 ps -Ao comm | awk '$1 == "pkg" {print $1}' | wc -l | tr -d ' ' |
| awgur@18 | 172 } 2>/dev/null |
| awgur@18 | 173 |
| awgur@18 | 174 } |
| awgur@18 | 175 |
| awgur@21 | 176 |
| awgur@21 | 177 pkg_finaly () { |
| awgur@21 | 178 # Процедура завершения обработки пакетов |
| awgur@21 | 179 |
| awgur@21 | 180 # - |
| awgur@21 | 181 # Удаляем старые файлы, в которые давно не не пишутся данные по пакетам |
| awgur@25 | 182 if [ "$(cat "${v_pkg_update_status_subs}/pkg_update")" -eq 0 ] ; then |
| awgur@25 | 183 log "Clean old files -- detail and audit pakages" |
| awgur@25 | 184 find "$v_pkg_detail_status" -type f -cmin +30 -print0 | xargs -0n 1 rm -frv 2>&1 | log |
| awgur@25 | 185 |
| awgur@25 | 186 else |
| awgur@25 | 187 log "WARN: pkg update end with error, do nothing" |
| awgur@25 | 188 fi |
| awgur@21 | 189 } |
| awgur@21 | 190 |
| awgur@21 | 191 |
| awgur@0 | 192 pkg_do () { |
| awgur@18 | 193 local _other_pkgs |
| awgur@18 | 194 |
| awgur@0 | 195 log_start "pkg_do" |
| awgur@0 | 196 |
| awgur@18 | 197 _other_pkgs="$(pkg_check_pkg_binary)" |
| awgur@18 | 198 |
| awgur@18 | 199 if [ "$_other_pkgs" -ne 0 ] ; then |
| awgur@18 | 200 log "Pakages update check fail: other '${_other_pkgs}' binary working" |
| awgur@18 | 201 ps -Ao comm,ppid,pid,time | awk '$1 == "pkg" {print $0}' | log |
| awgur@6 | 202 |
| awgur@18 | 203 else |
| awgur@18 | 204 pkg_init |
| awgur@0 | 205 |
| awgur@25 | 206 if [ "$(cat "${v_pkg_update_status_subs}/pkg_update")" -ne 0 ] ; then |
| awgur@25 | 207 log_err "Error on update packages. pkg update status: $(cat "${v_pkg_update_status_subs}/pkg_update")" |
| awgur@25 | 208 |
| awgur@25 | 209 else |
| awgur@25 | 210 pkg_check_up_status |
| awgur@25 | 211 pkg_make_detail |
| awgur@25 | 212 fi |
| awgur@25 | 213 |
| awgur@25 | 214 pkg audit -qrF \ |
| awgur@25 | 215 > "${v_pkg_update_status}.audit" \ |
| awgur@25 | 216 2> "${v_pkg_update_status_subs}/pkg_audit_err" |
| awgur@18 | 217 |
| awgur@25 | 218 # Финт ушами, поскольку pkg audit возвращает 1 если всё нормально, но есть пакеты с уязвимостями |
| awgur@25 | 219 # и если не всё нормально тоже... |
| awgur@25 | 220 if [ "$(cat "${v_pkg_update_status_subs}/pkg_audit_err" | wc -l)" -eq 0 ] ; then |
| awgur@25 | 221 mv -f "${v_pkg_update_status}.audit" "${v_pkg_update_status_res}.audit" |
| awgur@25 | 222 |
| awgur@25 | 223 else |
| awgur@25 | 224 log_err "Error on fetch vuln data. pkg audit err:" |
| awgur@25 | 225 cat "${v_pkg_update_status_subs}/pkg_audit_err" | awk '{print "PKG AUDIT ERR:", $0}' | log_err |
| awgur@25 | 226 touch "${v_pkg_update_status_res}.audit" |
| awgur@25 | 227 fi |
| awgur@25 | 228 |
| awgur@18 | 229 fi |
| awgur@0 | 230 |
| awgur@21 | 231 pkg_finaly |
| awgur@0 | 232 log_end |
| awgur@0 | 233 } |