I need this for a simple monitoring script which i don't want to run as root...
Asked
Active
Viewed 5,325 times
8
-
1there's always command-restricted nopasswd sudo – Michael Lowman Jul 07 '11 at 16:31
-
Thanks to all of you for the many answers. After trying a few of your suggestions and digging around a little more it seems to me that the solution that requires the least dependencies and is the most secure is simply parsing /etc/motd - however that doesn't seem very elegant to me :) – Joe Kandaba Jul 07 '11 at 18:28
3 Answers
10
The number of pending security updates can be found using:
/usr/lib/update-notifier/apt-check 2>&1 | cut -d ';' -f 1
and the number of pending regular updates can be found using:
/usr/lib/update-notifier/apt-check 2>&1 | cut -d ';' -f 2
https://superuser.com/questions/199869/check-number-of-pending-security-updates-in-ubuntu
-
-
Thanks for the reply however as pointed out by jldugger it is a (headless) server so installing >240 packages including lot's of gui stuff just to get the number of apt updates really isn't an option. – Joe Kandaba Jul 07 '11 at 18:20
-
It's provided by the update-notifier-common package. I don't think it has any gui dependencies. – sourcejedi Feb 25 '13 at 22:56
1
using sudo is your answer, you will likely need to add the user you want to run the script at to the sudoers file and probably with the nopasswd flag so it doesnt prompt for your password everytime the script runs, for more info about sudo, try taking a look here: https://help.ubuntu.com/community/Sudoers
anthonysomerset
- 4,233
- 2
- 21
- 24
-
I'd really rather not have anything run as root on a server that doesn't absolutely have to. – Joe Kandaba Jul 07 '11 at 18:18
-
it only runs as root long enough to run the command, and you can restrict it to the specific command needed to get updates, thus neutralising any possible security threat – anthonysomerset Jul 07 '11 at 19:38
1
Ubuntu has many packaged nagios plugins, including the handy check_apt, a custom C program. It's slightly better than update-notifier in that its dependencies are smaller; if you're interested in monitoring servers you've probably already installed it! The output looks like this (if you don't like it it seems trivial to fork the program to print what you need):
APT OK: 0 packages available for upgrade (0 critical updates).
If nagios alerting isn't your preference, you can do what I do and install apticron, which will send you email notifications about available updates on a system.
jldugger
- 14,342
- 20
- 77
- 129
-
Thanks! Apticron isn't an option as i need the information for my own script so an email doesn't do the trick. For the same reason i'm not using nagios, however you answer seems to imply that "check_apt" can be used independently ? – Joe Kandaba Jul 07 '11 at 18:23
-
@Joe all of the nagios plugins can be run independently-- that's most of what nagios does :) – Michael Lowman Jul 07 '11 at 18:34
-
Yep. It's just a program installed to /usr/lib/nagios/check_apt. Runs just fine as any old user. – jldugger Jul 07 '11 at 18:34