ncc.zabbix_fbsd_templates
11:f5d65a7f34b3
Go to Latest
ncc.zabbix_fbsd_templates/src/aw.fbsd-mon-helper/lib/pkg.sh
* Исправлена деградация в v0.r202410.1 ложноположительное срабатывание мониторинга уязвимостей
2 # Различная статистика по пакетам
4 v_pkg_detail_status="$STATE_ROOT/pkg_detail"
5 v_pkg_update_status="$STATE_ROOT/pkg_update"
6 v_pkg_detail_status_list="${TMP_ROOT}/pkg_detail_status_list"
9 if !
[ -d
"$v_pkg_detail_status" ]; then
10 mkdir
-p
"$v_pkg_detail_status"
12 # Удаляем старые директории, в которые давно не не пишутся данные по пакетам
13 log
"Clean old detail pakages"
14 find
"$v_pkg_detail_status" -type
f
-ctime
+1
-print0
| xargs
-0n
1 rm
-frv
2>
&1 | log
18 # Обновление базы аудита происходит на получении общих данных по пакетам
20 touch
"${v_pkg_detail_status_list}"
23 pkg_get_detail_pkg_list
() {
27 cat
"${USER_MON_PKG_LIST}" | while read vl_buf
; do
28 vl_pkg_name=$(pkg
query
'%n' "${vl_buf}")
29 [ -n
"${vl_pkg_fullname}" ] && echo "${vl_pkg_name}" >>
"${v_pkg_detail_status_list}"
32 service
-e
| awk
'$1 ~ "^/usr/local" {print $1}' | while read vl_buf
; do
33 if !
[ -f
"$vl_buf" ] ; then
37 vl_pkg_name="$(pkg
which
"$vl_buf" | awk
'$0 ~ "was installed by package" {print $6}')"
39 if [ -z
"$vl_pkg_name" ] ; then
40 log
"$vl_buf have no matched pkg"
44 vl_pkg_name="$(pkg
query
'%n' "$vl_pkg_name")"
48 pkg
query
'%rn' "${vl_pkg_name}"
49 pkg
query
'%dn' "${vl_pkg_name}"
50 } >>
"${v_pkg_detail_status_list}"
63 pkg_get_detail_pkg_list
64 cat
"${v_pkg_detail_status_list}" | sort
| uniq
| while read vl_pkg_buf
; do
65 log
"Working with $vl_pkg_buf"
67 vl_pkg_fullname="$(pkg
query
'%n-%v' "${vl_pkg_buf}")"
68 vl_pkg_name="$(pkg
query
'%n' "$vl_pkg_fullname")"
69 vl_pkg_repo="$(pkg
query
'%R' "$vl_pkg_fullname")"
70 vl_pkg_ver="$(pkg
query
'%v' "$vl_pkg_fullname")"
71 vl_pkg_status="$(pkg
version
-r
"$vl_pkg_repo" -qUn
"$vl_pkg_name" | awk
'{print $2}')"
73 case "$vl_pkg_status" in
79 vl_pkg_status="NEED UPDATE"
83 vl_pkg_status="REPO VERSION LOWER"
87 vl_pkg_status="NO PACKAGE IN REPO"
92 log_err
-s
"${vl_pkg_name}: pkg can not compare version of package"
96 log_err
-s
"${vl_pkg_name}: unknown status ${vl_pkg_status}"
102 vl_status_file="${v_pkg_detail_status}/${vl_pkg_name}"
103 pkg
query
'installed=%t\nmainteiner=%m\nsize=%sb\nlocked=%k' "$vl_pkg_fullname" \
104 >
"${vl_status_file}"
106 printf 'ver=%s\nrepo=%s\nstatus=%s\n' "${vl_pkg_ver}" "${vl_pkg_repo}" "${vl_pkg_status}" >>
"$vl_status_file"
107 pkg
audit
"$vl_pkg_fullname" \
108 | awk
'!($0 ~ "[0-9]* problem\\(s\\) in [0-9]* installed package\\(s\\) found") {print $0}' \
109 >
"${vl_status_file}.audit"
114 pkg_check_up_status
() {
115 # Проверка статуса наличия обновления для пакета
119 cat
/dev/null
>
"$v_pkg_update_status"
120 pkg
version
-qUL
= | awk
'$2 != ">" {print $1}' | while read _pkg
; do
121 vl_pkg_name="$(pkg
query
'%n' "${_pkg}")"
122 vl_pkg_repo="$(pkg
query
'%R' "${_pkg}")"
123 log
"Check update for ${vl_pkg_name} in ${vl_pkg_repo}"
124 pkg
version
-Ur
"${vl_pkg_repo}" -n
"${vl_pkg_name}" \
125 | awk
'$2 != ">" && $2 != "=" {print $1}' \
126 | tee
-a
"$v_pkg_update_status" \
127 | awk
'$0 != "" {print "UPDATE STATUS:", $0}' | log
130 pkg
upgrade
-Uqn
| tee
-a
"$v_pkg_update_status" | awk
'$0 != "" {print "PKG UPGRADE:", $0}' | log
139 pkg
audit
-qF
>
"${v_pkg_update_status}.audit"