H's Blog A good shell is the best user interface.

23 Jul 09

Nagios Check for Security Fixes

If you are tired of scanning all kinds of CERT advisories in your mailbox, and you run a Debian-based landscape that uses mostly package-based software anyway, you should consider using check_apt, which is part of the Nagios plugins.

You just need to run check_apt: it checks for available updates and turns CRITICAL if security updates are available. For Debian and Ubuntu the default pattern for security-related updates will do fine.
It's a good idea to set up a cron job that updates the package database, like this:

    30 */12 * * * root /usr/bin/apt-get -qq update

You can also let check_apt do this, but it normally runs without privileges (via NRPE or SNMP-exec), and updating the package database requires root. The check itself only performs a simulated ("fake") upgrade, which non-privileged users are allowed to run.
Of course you can also use sudo to solve this minor issue.
By the way, my APT services on Debian-based hosts are normally set up with a lower frequency (normal_check_interval, retry_check_interval, notification_interval). The check should work as a useful notification during daylight hours, but I don't want to be woken up in the middle of the night by check_apt.
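
How a simulated upgrade turns into a Nagios state, as an added example (not from the original post and not the plugin's own code): a shell function that classifies `apt-get -s upgrade` output read from stdin. The security pattern, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not check_apt's code: map the output of a simulated
# upgrade (`apt-get -s upgrade`, no root needed) to a Nagios exit code.

# Assumed pattern: an "Inst" line names the archive the new version comes
# from, so updates from a security archive can be told apart.
SECURITY_RE='^Inst [^(]*\(.* (Debian-Security:|Ubuntu:[^/]*/[^ ]*-security)'

# Reads simulated-upgrade output on stdin, prints one status line and
# returns 0 (OK), 1 (WARNING: updates pending) or 2 (CRITICAL: security).
classify_upgrades() {
    out=$(cat)
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    total=$(printf '%s\n' "$out" | grep -c '^Inst ' || true)
    sec=$(printf '%s\n' "$out" | grep -Ec "$SECURITY_RE" || true)
    msg="$total packages available for upgrade ($sec critical updates)."
    if [ "$sec" -gt 0 ]; then
        echo "APT CRITICAL: $msg"
        return 2
    elif [ "$total" -gt 0 ]; then
        echo "APT WARNING: $msg"
        return 1
    fi
    echo "APT OK: $msg"
    return 0
}

# Constructed sample output (package names and versions are made up).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Inst examplelib [1.0-1] (1.0-1+sec1 Debian-Security:5.0/stable)
Inst exampletool [2.0-1] (2.1-1 Debian:5.0.2/stable)
Inst examplepkg [1.2-0ubuntu1] (1.2-0ubuntu1.1 Ubuntu:9.04/jaunty-updates)
Conf examplelib (1.0-1+sec1 Debian-Security:5.0/stable)
Conf exampletool (2.1-1 Debian:5.0.2/stable)
EOF
}

# Demo on the constructed sample; on a real host, pipe in
# `apt-get -s upgrade` instead.
sample_simulation | classify_upgrades || true
```

Because the function only reads text on stdin, it works with the unprivileged simulation while the root-owned cron job keeps the package lists fresh.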

Comments (1)
  1. …or maybe this way (imho the easiest and cleanest way):

    Create a new file in /etc/apt/apt.conf.d/ called 42dailyupdate or whatever you prefer and add the following two lines to it:

    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";

    This file is being parsed by the apt cronjob in /etc/cron.daily

    /schmalenegger

