Monitor Linux System Updates

Tech

If you manage a number of Linux servers that are monitored by PRTG, then you might think that outstanding updates & software patches have had to be monitored manually.

I carried out an investigation into Patch Management solutions for Linux in 2019 and took the decision not to bother with any. Most of them came were expensive, all were cumbersome and they increased admin overheads. 

Instead I developed a simply bash script which when used in conjunction with PRTG provides everything we need.

For more information on the network monitoring system PRTG take a look here: https://www.paessler.com/prtg

Linux Bash Script & Configuration

The following bash script needs to be created in the folder varprtgscripts:

#!/bin/bash
#returns number of updates waiting to be applied
apt-get update -q > null
count="$(apt-get upgrade -s | grep 'upgraded,' | cut -d ' ' -f 1)"
if [ $count -lt 10 ]
then
 printf "0:"
 printf "${count}"
 printf ":normal"
else
 printf "0:"
 printf "${count}"
 printf ":high number of updates"
fi

NOTE: The above code will work on Debian systems, but for Ubuntu line 4 will need to be changed to:

count=”$(apt-get upgrade -s | grep ‘upgrade,’ | cut -d ‘ ‘ -f 1)”

The script needs to be made executable, and will be found by PRTG during sensor creation.

chmod +x updatecounter.sh

PRTG Sensor Configuration

From the PRTG admin console, locate the device you want to add the sensor to, select “Add Sensor”, then from the list select “SSH Script”.

Ensure the device has the correct SSH logon credentials, otherwise PRTG will not be able to find the script, or execute it.

  1. Change the sensor name to: “Software Updates”
  2. Select “updatecounter.sh” as the script to be executed (if this does not appear, then check the script exists on the server under varprtgscripts and is executable, also check that PRTG can logon to the server using SSH.
  3. Change the scanning interval to 24hours
  4. Click “Create”
  5. Now select the sensor, click “edit settings” and select “Channel Settings”
  6. Select “Value”  – Note: the sensor needs to have scanned at least once for the “value” channel to appear in the list
  7. Select “Enable alerting based on limits”
  8. Select Value, and enter 15 in the “Upper Warning Limit”