At work we run a number of Red Hat Enterprise machines and CentOS servers. After finding a large number of machines that were grossly outdated I decided to add a weekly cron job to notify us of available updates. I used something along the lines of:
#!/bin/bash
yum check-update | mail -s “Weekly Errata Report for $(hostname)” admin@domain.tld
After dropping this little one-liner into /etc/cron.weekly/ we’re now notified of available package updates on a weekly basis, and our machines are keeping up to date much better!
I got to thinking this evening about how to achieve the same results on my Ubuntu and Debian servers. There does not seem to be an equivalent command to ‘yum check-update‘, but there appears to be a similar solution.
#!/bin/bash
(apt-get update && apt-get -s safe-upgrade && apt-get -s full-upgrade) | mail -s “Weekly Errata Report for $(hostname)” admin@domain.tld
The apt-get equivalent command above is a bit more verbose but it basically does the same thing. note: the parens are required so that the collective output of the three commands will be piped to the mail utility.
Does anyone else have any suggestions an how to accomplish this with standard Ubuntu/Debian tools?
cron-apt/apticron FTW!
Why didn’t you ‘apt-cache search cron apt’??
Here error on Ubuntu:
# apt-get -s safe-upgrade
E: Invalid operation safe-upgrade
# apt-get -s full-upgrade
E: Invalid operation full-upgrade
So… sometimes Ubuntu not same 100% with Debian.
Maybe on Ubuntu you can use:
#!/bin/bash
(apt-get update && apt-get -s upgrade && apt-get -s dist-upgrade) | mail -s “Weekly Errata Report for $(hostname)” admin@domain.tld
Another vote for apticron – an awesome tool, which emails not only that there are updates, but also the changelog/release notes for the updated packages.
Thanks for the tip about apticron. I set that up and it seems much nicer than what I hacked together.
I should have known Debian would already have the little tools I was looking for.
Another similar package is cron-apt.
It seems you said ‘apt-get’ when you meant ‘aptitude’ in your script.
Look here: http://rocky.eld.leidenuniv.nl/ -> Linux Scripts -> Status Report
There’s a code sniplet within the script which resolves the available updates without installing them. You must only pipe the results in a mail.
http://debaday.debian.net/2008/11/30/apticron-cron-script-to-mail-impending-apt-updates/
I just wrote a wrapper around yum check-update so that it doesn’t send an e-mail when there is no update available:
#! /bin/bash
# Script that sends an e-mail with a list of available updated rpm packages, if any.
MESSAGE=`/usr/bin/yum check-update`
RETVAL=$?
if [ $RETVAL -eq 100 ]; then
echo $MESSAGE | mail -s “Yum Check-Udate” admin@domain.tld
fi