line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package OpenServices::SNMP::Plugin::Updates; |
2
|
|
|
|
|
|
|
|
3
|
1
|
|
|
1
|
|
13734
|
use 5.006; |
|
1
|
|
|
|
|
4
|
|
4
|
1
|
|
|
1
|
|
5
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
19
|
|
5
|
1
|
|
|
1
|
|
4
|
use warnings FATAL => 'all'; |
|
1
|
|
|
|
|
5
|
|
|
1
|
|
|
|
|
33
|
|
6
|
|
|
|
|
|
|
|
7
|
1
|
|
|
1
|
|
164
|
use NetSNMP::agent qw(:all); |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
use NetSNMP::ASN qw(:all); |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
use XML::XPath; |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
my $cache = {}; |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
=head1 NAME |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
OpenServices::SNMP::Plugin::Updates - Expose pending security updates over SNMP |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
=head1 VERSION |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
Version 1.0.4 |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
=cut |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
our $VERSION = '1.0.4'; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
=head1 BASE OID |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
NetSNMP::OID(".1.3.6.1.4.1.36425.256.2"); |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
=cut |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
our $BASEOID = new NetSNMP::OID(".1.3.6.1.4.1.36425.256.2"); |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
=head1 SYNOPSIS |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
Extend net-snmp agent to report pending security updates. |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
Currently supported distributions: |
40
|
|
|
|
|
|
|
* GNU/Debian (apt-get) |
41
|
|
|
|
|
|
|
* RHEL/Fedora/CentOS (yum) |
42
|
|
|
|
|
|
|
* SLES/SLED/OpenSuSE (zypper) |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
To load the module in snmpd add the following line to snmpd.conf. |
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
perl require OpenServices::SNMP::Plugin; OpenServices::SNMP::Plugin->init($agent); |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
Or use OpenServices::SNMP for a convenient loader. |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
It exposes the number of pending updates on the OID 1.3.6.1.4.1.36425.256.2 and each separate package with its name on OID |
51
|
|
|
|
|
|
|
1.3.6.1.4.1.36425.256.2.. |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
=head1 SUBROUTINES/METHODS |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
=head2 init |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
=cut |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
sub init { |
60
|
|
|
|
|
|
|
my ($self, $agent) = @_; |
61
|
|
|
|
|
|
|
if (!$agent) { |
62
|
|
|
|
|
|
|
print STDERR "No \$agent defined\n"; |
63
|
|
|
|
|
|
|
print STDERR "Please check your snmp_perl.pl that should be included in your net-snmp distribution.\n"; |
64
|
|
|
|
|
|
|
exit 1; |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
printf STDERR "Registering %s handler.\n", __PACKAGE__; |
68
|
|
|
|
|
|
|
# Prepopulate the cache. |
69
|
|
|
|
|
|
|
check(); |
70
|
|
|
|
|
|
|
$agent->register(__PACKAGE__, $BASEOID, \&handler); |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
=head2 check |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
=cut |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
sub check { |
78
|
|
|
|
|
|
|
my %distributions = ( |
79
|
|
|
|
|
|
|
'/usr/bin/apt-get' => sub { |
80
|
|
|
|
|
|
|
my $output = qx/apt-get upgrade -s/; |
81
|
|
|
|
|
|
|
my @packages; |
82
|
|
|
|
|
|
|
foreach my $line (split /\n/, $output) { |
83
|
|
|
|
|
|
|
if (my ($name, $version) = $line =~ /^Inst (\S+) \[\S+\] \((\S+) (?:Debian:security|Debian-Security:\d+\/\w+) \[\S+\]\)/) { |
84
|
|
|
|
|
|
|
push @packages, "$name-$version"; |
85
|
|
|
|
|
|
|
} |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
return @packages; |
88
|
|
|
|
|
|
|
}, |
89
|
|
|
|
|
|
|
'/usr/bin/zypper' => sub { |
90
|
|
|
|
|
|
|
my $output = qx/zypper -x -n -A -q list-patches -g security/; |
91
|
|
|
|
|
|
|
my $xp = XML::XPath->new(xml => $output); |
92
|
|
|
|
|
|
|
my $nodeset = $xp->find('/stream/update-status/update-list/update[@category="security" and @pkgmanager="false"]'); |
93
|
|
|
|
|
|
|
return map {$_->getAttribute("name")} $nodeset->get_nodelist; |
94
|
|
|
|
|
|
|
}, |
95
|
|
|
|
|
|
|
'/usr/bin/yum' => sub { |
96
|
|
|
|
|
|
|
my $output = qx/yum list-security -y/; |
97
|
|
|
|
|
|
|
my @packages; |
98
|
|
|
|
|
|
|
foreach my $line (split /\n/, $output) { |
99
|
|
|
|
|
|
|
if (my ($name) = $line =~ /^[\w-]+ +(?:Important\/Sec\.|security) +(\S+)$/) { |
100
|
|
|
|
|
|
|
push @packages, $name; |
101
|
|
|
|
|
|
|
} |
102
|
|
|
|
|
|
|
} |
103
|
|
|
|
|
|
|
return @packages; |
104
|
|
|
|
|
|
|
} |
105
|
|
|
|
|
|
|
); |
106
|
|
|
|
|
|
|
my $updates = {}; |
107
|
|
|
|
|
|
|
my $counter = 0; |
108
|
|
|
|
|
|
|
foreach my $binary (keys %distributions) { |
109
|
|
|
|
|
|
|
if (-e $binary) { |
110
|
|
|
|
|
|
|
my @packages; |
111
|
|
|
|
|
|
|
if (exists $cache->{$binary} && $cache->{$binary}->{last} > time() - 3600) { |
112
|
|
|
|
|
|
|
@packages = @{$cache->{$binary}->{packages}}; |
113
|
|
|
|
|
|
|
} else { |
114
|
|
|
|
|
|
|
@packages = sort $distributions{$binary}->(); |
115
|
|
|
|
|
|
|
$cache->{$binary} = { |
116
|
|
|
|
|
|
|
last => time(), |
117
|
|
|
|
|
|
|
packages => \@packages, |
118
|
|
|
|
|
|
|
}; |
119
|
|
|
|
|
|
|
} |
120
|
|
|
|
|
|
|
foreach (@packages) { |
121
|
|
|
|
|
|
|
$updates->{$counter} = $_; |
122
|
|
|
|
|
|
|
print STDERR "Pending security update: $_\n"; |
123
|
|
|
|
|
|
|
$counter++; |
124
|
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
} |
127
|
|
|
|
|
|
|
return $updates; |
128
|
|
|
|
|
|
|
} |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
=head2 handler |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
=cut |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
sub handler { |
135
|
|
|
|
|
|
|
my ($handler, $registration_info, $request_info, $requests) = @_; |
136
|
|
|
|
|
|
|
my $request; |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
my $updates = check(); |
139
|
|
|
|
|
|
|
my $size = keys %$updates; |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
for($request = $requests; $request; $request = $request->next()) { |
142
|
|
|
|
|
|
|
my $oid = $request->getOID(); |
143
|
|
|
|
|
|
|
if ($request_info->getMode() == MODE_GET) { |
144
|
|
|
|
|
|
|
if ($oid == $BASEOID) { |
145
|
|
|
|
|
|
|
$request->setValue(ASN_INTEGER, $size); |
146
|
|
|
|
|
|
|
} else { |
147
|
|
|
|
|
|
|
foreach my $package_oid (sort {$a <=> $b} keys %$updates) { |
148
|
|
|
|
|
|
|
if ($oid == $BASEOID + ".$package_oid") { |
149
|
|
|
|
|
|
|
$request->setValue(ASN_OCTET_STR, $updates->{$package_oid}); |
150
|
|
|
|
|
|
|
} |
151
|
|
|
|
|
|
|
} |
152
|
|
|
|
|
|
|
} |
153
|
|
|
|
|
|
|
} elsif ($request_info->getMode() == MODE_GETNEXT) { |
154
|
|
|
|
|
|
|
if ($oid < $BASEOID) { |
155
|
|
|
|
|
|
|
$request->setOID($BASEOID); |
156
|
|
|
|
|
|
|
$request->setValue(ASN_INTEGER, $size); |
157
|
|
|
|
|
|
|
} else { |
158
|
|
|
|
|
|
|
foreach my $package_oid (sort {$a <=> $b} keys %$updates) { |
159
|
|
|
|
|
|
|
if ($oid < $BASEOID + ".$package_oid") { |
160
|
|
|
|
|
|
|
$request->setOID($BASEOID + ".$package_oid"); |
161
|
|
|
|
|
|
|
$request->setValue(ASN_OCTET_STR, $updates->{$package_oid}); |
162
|
|
|
|
|
|
|
last; |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
} |
165
|
|
|
|
|
|
|
} |
166
|
|
|
|
|
|
|
} |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
} |
169
|
|
|
|
|
|
|
=head1 AUTHOR |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
Michael Fladischer, C<< >> |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
=head1 BUGS |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
Please report any bugs or feature requests to C, or through |
176
|
|
|
|
|
|
|
the web interface at L. I will be notified, and then you'll |
177
|
|
|
|
|
|
|
automatically be notified of progress on your bug as I make changes. |
178
|
|
|
|
|
|
|
|
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
=head1 SUPPORT |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
You can find documentation for this module with the perldoc command. |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
perldoc OpenServices::SNMP::Plugin::Updates |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
You can also look for information at: |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
=over 4 |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
=item * RT: CPAN's request tracker (report bugs here) |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
L |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
=item * AnnoCPAN: Annotated CPAN documentation |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
L |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
=item * CPAN Ratings |
202
|
|
|
|
|
|
|
|
203
|
|
|
|
|
|
|
L |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
=item * Search CPAN |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
L |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
=back |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=head1 ACKNOWLEDGEMENTS |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
|
215
|
|
|
|
|
|
|
=head1 LICENSE AND COPYRIGHT |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
Copyright 2014 Michael Fladischer. |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify it |
220
|
|
|
|
|
|
|
under the terms of the the Artistic License (2.0). You may obtain a |
221
|
|
|
|
|
|
|
copy of the full license at: |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
L |
224
|
|
|
|
|
|
|
|
225
|
|
|
|
|
|
|
Any use, modification, and distribution of the Standard or Modified |
226
|
|
|
|
|
|
|
Versions is governed by this Artistic License. By using, modifying or |
227
|
|
|
|
|
|
|
distributing the Package, you accept this license. Do not use, modify, |
228
|
|
|
|
|
|
|
or distribute the Package, if you do not accept this license. |
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
If your Modified Version has been derived from a Modified Version made |
231
|
|
|
|
|
|
|
by someone other than you, you are nevertheless required to ensure that |
232
|
|
|
|
|
|
|
your Modified Version complies with the requirements of this license. |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
This license does not grant you the right to use any trademark, service |
235
|
|
|
|
|
|
|
mark, tradename, or logo of the Copyright Holder. |
236
|
|
|
|
|
|
|
|
237
|
|
|
|
|
|
|
This license includes the non-exclusive, worldwide, free-of-charge |
238
|
|
|
|
|
|
|
patent license to make, have made, use, offer to sell, sell, import and |
239
|
|
|
|
|
|
|
otherwise transfer the Package with respect to any patent claims |
240
|
|
|
|
|
|
|
licensable by the Copyright Holder that are necessarily infringed by the |
241
|
|
|
|
|
|
|
Package. If you institute patent litigation (including a cross-claim or |
242
|
|
|
|
|
|
|
counterclaim) against any party alleging that the Package constitutes |
243
|
|
|
|
|
|
|
direct or contributory patent infringement, then this Artistic License |
244
|
|
|
|
|
|
|
to you shall terminate on the date that such litigation is filed. |
245
|
|
|
|
|
|
|
|
246
|
|
|
|
|
|
|
Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER |
247
|
|
|
|
|
|
|
AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. |
248
|
|
|
|
|
|
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
249
|
|
|
|
|
|
|
PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY |
250
|
|
|
|
|
|
|
YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR |
251
|
|
|
|
|
|
|
CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR |
252
|
|
|
|
|
|
|
CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, |
253
|
|
|
|
|
|
|
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
254
|
|
|
|
|
|
|
|
255
|
|
|
|
|
|
|
|
256
|
|
|
|
|
|
|
=cut |
257
|
|
|
|
|
|
|
|
258
|
|
|
|
|
|
|
1; # End of OpenServices::SNMP::Plugin::Updates |