File Coverage

blib/lib/OpenServices/SNMP/Plugin/Updates.pm

Criterion	Covered	Total	%
statement	9	11	81.8
branch			n/a
condition			n/a
subroutine	4	4	100.0
pod			n/a
total	13	15	86.6

line	stmt	sub	time	code
1				package OpenServices::SNMP::Plugin::Updates;
2
3	1	1	37879	use 5.006;
	1		5
4	1	1	6	use strict;
	1		2
	1		29
5	1	1	5	use warnings FATAL => 'all';
	1		8
	1		44
6
7	1	1	874	use NetSNMP::agent qw(:all);
	0
	0
8				use NetSNMP::ASN qw(:all);
9
10				use XML::XPath;
11
12				my $cache = {};
13
14				=head1 NAME
15
16				OpenServices::SNMP::Plugin::Updates - Expose pending security updates over SNMP
17
18				=head1 VERSION
19
20				Version 1.0.3
21
22				=cut
23
24				our $VERSION = '1.0.3';
25
26				=head1 BASE OID
27
28				NetSNMP::OID(".1.3.6.1.4.1.36425.256.2");
29
30				=cut
31
32				our $BASEOID = new NetSNMP::OID(".1.3.6.1.4.1.36425.256.2");
33
34
35				=head1 SYNOPSIS
36
37				Extend net-snmp agent to report pending security updates.
38
39				Currently supported distributions:
40				* GNU/Debian (apt-get)
41				* RHEL/Fedora/CentOS (yum)
42				* SLES/SLED/OpenSuSE (zypper)
43
44				To load the module in snmpd add the following line to snmpd.conf.
45
46				perl require OpenServices::SNMP::Plugin; OpenServices::SNMP::Plugin->init($agent);
47
48				Or use OpenServices::SNMP for a convenient loader.
49
50				It exposes the number of pending updates on the OID 1.3.6.1.4.1.36425.256.2 and each separate package with its name on OID
51				1.3.6.1.4.1.36425.256.2..
52
53				=head1 SUBROUTINES/METHODS
54
55				=head2 init
56
57				=cut
58
59				sub init {
60				my ($self, $agent) = @_;
61				if (!$agent) {
62				print STDERR "No \$agent defined\n";
63				print STDERR "Please check your snmp_perl.pl that should be included in your net-snmp distribution.\n";
64				exit 1;
65				}
66
67				printf STDERR "Registering %s handler.\n", __PACKAGE__;
68				# Prepopulate the cache.
69				check();
70				$agent->register(__PACKAGE__, $BASEOID, \&handler);
71				}
72
73				=head2 check
74
75				=cut
76
77				sub check {
78				my %distributions = (
79				'/usr/bin/apt-get' => sub {
80				my $output = qx/apt-get upgrade -s/;
81				my @packages;
82				foreach my $line (split /\n/, $output) {
83				if (my ($name, $version) = $line =~ /^Inst (\S+) \[\S+\] $(\S+) (?:Debian:security\|Debian-Security:\d+\/\w+) \[\S+\]$/) {
84				push @packages, "$name-$version";
85				}
86				}
87				return @packages;
88				},
89				'/usr/bin/zypper' => sub {
90				my $output = qx/zypper -x -n -A -q list-patches -g security/;
91				my $xp = XML::XPath->new(xml => $output);
92				my $nodeset = $xp->find('/stream/update-status/update-list/update[@category="security" and @pkgmanager="false"]');
93				return map {$_->getAttribute("name")} $nodeset->get_nodelist;
94				},
95				'/usr/bin/yum' => sub {
96				my $output = qx/yum list-security -y/;
97				my @packages;
98				foreach my $line (split /\n/, $output) {
99				if (my ($name) = $line =~ /^\w+-\d+[:-]\d+ \S+ (\S+)$/) {
100				push @packages, $name;
101				}
102				}
103				return @packages;
104				}
105				);
106				my $updates = {};
107				my $counter = 0;
108				foreach my $binary (keys %distributions) {
109				if (-e $binary) {
110				my @packages;
111				if (exists $cache->{$binary} && $cache->{$binary}->{last} > time() - 3600) {
112				@packages = @{$cache->{$binary}->{packages}};
113				} else {
114				@packages = sort $distributions{$binary}->();
115				$cache->{$binary} = {
116				last => time(),
117				packages => \@packages,
118				};
119				}
120				foreach (@packages) {
121				$updates->{$counter} = $_;
122				print STDERR "Pending security update: $_\n";
123				$counter++;
124				}
125				}
126				}
127				return $updates;
128				}
129
130				=head2 handler
131
132				=cut
133
134				sub handler {
135				my ($handler, $registration_info, $request_info, $requests) = @_;
136				my $request;
137
138				my $updates = check();
139				my $size = keys %$updates;
140
141				for($request = $requests; $request; $request = $request->next()) {
142				my $oid = $request->getOID();
143				if ($request_info->getMode() == MODE_GET) {
144				if ($oid == $BASEOID) {
145				$request->setValue(ASN_INTEGER, $size);
146				} else {
147				foreach my $package_oid (sort {$a <=> $b} keys %$updates) {
148				if ($oid == $BASEOID + ".$package_oid") {
149				$request->setValue(ASN_OCTET_STR, $updates->{$package_oid});
150				}
151				}
152				}
153				} elsif ($request_info->getMode() == MODE_GETNEXT) {
154				if ($oid < $BASEOID) {
155				$request->setOID($BASEOID);
156				$request->setValue(ASN_INTEGER, $size);
157				} else {
158				foreach my $package_oid (sort {$a <=> $b} keys %$updates) {
159				if ($oid < $BASEOID + ".$package_oid") {
160				$request->setOID($BASEOID + ".$package_oid");
161				$request->setValue(ASN_OCTET_STR, $updates->{$package_oid});
162				last;
163				}
164				}
165				}
166				}
167				}
168				}
169				=head1 AUTHOR
170
171				Michael Fladischer, C<< >>
172
173				=head1 BUGS
174
175				Please report any bugs or feature requests to C, or through
176				the web interface at L. I will be notified, and then you'll
177				automatically be notified of progress on your bug as I make changes.
178
179
180
181
182				=head1 SUPPORT
183
184				You can find documentation for this module with the perldoc command.
185
186				perldoc OpenServices::SNMP::Plugin::Updates
187
188
189				You can also look for information at:
190
191				=over 4
192
193				=item * RT: CPAN's request tracker (report bugs here)
194
195				L
196
197				=item * AnnoCPAN: Annotated CPAN documentation
198
199				L
200
201				=item * CPAN Ratings
202
203				L
204
205				=item * Search CPAN
206
207				L
208
209				=back
210
211
212				=head1 ACKNOWLEDGEMENTS
213
214
215				=head1 LICENSE AND COPYRIGHT
216
217				Copyright 2014 Michael Fladischer.
218
219				This program is free software; you can redistribute it and/or modify it
220				under the terms of the the Artistic License (2.0). You may obtain a
221				copy of the full license at:
222
223				L
224
225				Any use, modification, and distribution of the Standard or Modified
226				Versions is governed by this Artistic License. By using, modifying or
227				distributing the Package, you accept this license. Do not use, modify,
228				or distribute the Package, if you do not accept this license.
229
230				If your Modified Version has been derived from a Modified Version made
231				by someone other than you, you are nevertheless required to ensure that
232				your Modified Version complies with the requirements of this license.
233
234				This license does not grant you the right to use any trademark, service
235				mark, tradename, or logo of the Copyright Holder.
236
237				This license includes the non-exclusive, worldwide, free-of-charge
238				patent license to make, have made, use, offer to sell, sell, import and
239				otherwise transfer the Package with respect to any patent claims
240				licensable by the Copyright Holder that are necessarily infringed by the
241				Package. If you institute patent litigation (including a cross-claim or
242				counterclaim) against any party alleging that the Package constitutes
243				direct or contributory patent infringement, then this Artistic License
244				to you shall terminate on the date that such litigation is filed.
245
246				Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER
247				AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
248				THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
249				PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY
250				YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR
251				CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR
252				CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE,
253				EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
254
255
256				=cut
257
258				1; # End of OpenServices::SNMP::Plugin::Updates