With all the patch management solutions, local repositories and other options, it is rarely necessary to manually scan all servers on your network to build a “report” of the patch levels in your environment.
Sometimes it is, however. For instance, if you are brought into an environment that has not been properly managed and require some quick audits to evaluate how much actual work needs to be done bringing all the patch levels up to standard, then there are ways to produce these reports with simple bash scripting.
I have developed such a script for similar situations — quick reporting is sometimes necessary even when you are evaluating a large commercial patch management solution. It can even be run alongside such solutions, perhaps for independent reporting.
This script works well when you distribute it to each server and run it via SSH key-based authentication for centralized reporting. Alternatively, you could modify the script to perform each command via SSH over the network and gather the information that way. It is probably better to distribute the script to each server, so that only one ssh command is executed per server.
Find the script below — note that it only works with Red Hat / CentOS systems. Obviously, if you are paying for Red Hat enterprise support you are already using Satellite; if you are using CentOS, then this script may be useful for you.
Enjoy!
#!/bin/sh
# Basic Information Gathering
# Star Dot Hosting
# http://www.stardothosting.com
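# ---------------------------------------------------------------------------
# Patch-level audit for Red Hat / CentOS hosts (POSIX sh).
#
# For each service the script records:
#   <X>ON     1 if the service binary exists at its usual path, else 0
#   <X>RUN    version string printed by that binary
#   <X>RPM    version recorded in the RPM database ("NULL" if not installed)
#   <X>MATCH  1 if RUN and RPM agree, 0 if they differ, "NULL" if the
#             binary is absent
# and prints everything as a single comma-separated line.
#
# Audit caveats:
#   * <X>RUN is the version of the binary on disk. A daemon that was
#     updated but not restarted still executes the old code; this script
#     does not look at running processes.
#   * MATCH=1 only means the binary and the RPM database agree with each
#     other. It does not mean the version is current.
#   * Only the upstream VERSION is compared. Red Hat backports fixes and
#     bumps the package RELEASE instead, so judge patch level against the
#     full version-release from the RPM database, not against VERSION.
#   * Version commands are invoked by the same absolute path that was
#     tested for existence, so a different binary earlier in PATH (or a
#     PATH without /usr/sbin in a non-interactive ssh session) cannot
#     change what is reported.
# ---------------------------------------------------------------------------

# Print the version field of an installed package, or "NULL" if rpm reports
# nothing for it.
#   $1  exact package name
#   $2  index of the "-"-separated field that holds the version
#   $3  optional index of a second field, appended as "-<field>"
# Only the first line of rpm output is used so that a multilib host (same
# package installed for two architectures) still yields one value.
# NOTE(review): `rpm -q --queryformat '%{VERSION}'` avoids parsing the
# package name altogether; field parsing is kept here to leave the reported
# values unchanged.
rpm_version() {
  rpm -qa "$1" | awk -F '-' -v n="$2" -v m="${3:-0}" '
    NR == 1 {
      out = $n
      if (m > 0) out = out "-" $m
      print out
      seen = 1
    }
    END { if (!seen) print "NULL" }'
}

# Print 1 when both version strings are non-empty and identical, else 0.
# An empty RUN value means the version probe failed, which must not be
# reported as "in sync".
versions_match() {
  if [ -n "$1" ] && [ "$1" = "$2" ]; then
    echo 1
  else
    echo 0
  fi
}

# Read `ssh -V` output on stdin and print the OpenSSH version.
# The text after "OpenSSH_" ends in a comma; strip it instead of cutting a
# fixed number of bytes, so versions of any length survive intact.
ssh_banner_version() {
  awk -F '_' 'NR == 1 { print $2 }' | awk '{ sub(/,$/, "", $1); print $1 }'
}

# Read `httpd -v` output on stdin and print the Apache version.
# The text after "Apache/" is followed by a platform tag such as "(Unix)",
# so only the first word is kept.
httpd_banner_version() {
  grep version | awk -F '/' 'NR == 1 { print $2 }' | awk '{ print $1 }'
}

# Read `mysql -V` output on stdin and print the distribution version
# (fifth word, trailing comma removed).
mysql_banner_version() {
  awk 'NR == 1 { sub(/,$/, "", $5); print $5 }'
}

HOSTNAME=$(hostname)
UNAME=$(uname -r)

# Begin Package Scanning

# SSH
# NOTE(review): presence is keyed on the sshd daemon, but the version comes
# from the ssh client; openssh-server and openssh-clients are separate
# packages and both are compared against the base "openssh" package.
SSHON="0"
SSHRUN="NULL"
SSHRPM="NULL"
SSHMATCH="NULL"
if [ -f /usr/sbin/sshd ]; then
  SSHON="1"
  SSHRUN=$(ssh -V 2>&1 | ssh_banner_version)
  SSHRPM=$(rpm_version openssh 2)
  SSHMATCH=$(versions_match "$SSHRUN" "$SSHRPM")
fi

# Apache
HTTPDON="0"
HTTPDRUN="NULL"
HTTPDRPM="NULL"
HTTPDMATCH="NULL"
if [ -f /usr/sbin/httpd ]; then
  HTTPDON="1"
  HTTPDRUN=$(/usr/sbin/httpd -v | httpd_banner_version)
  HTTPDRPM=$(rpm_version httpd 2)
  HTTPDMATCH=$(versions_match "$HTTPDRUN" "$HTTPDRPM")
fi

# MySQL
MYSQLON="0"
MYSQLRUN="NULL"
MYSQLRPM="NULL"
MYSQLMATCH="NULL"
if [ -f /usr/bin/mysql ]; then
  MYSQLON="1"
  MYSQLRUN=$(/usr/bin/mysql -V | mysql_banner_version)
  MYSQLRPM=$(rpm_version mysql 2)
  MYSQLMATCH=$(versions_match "$MYSQLRUN" "$MYSQLRPM")
fi

# PHP
PHPON="0"
PHPRUN="NULL"
PHPRPM="NULL"
PHPMATCH="NULL"
if [ -f /usr/bin/php ]; then
  PHPON="1"
  PHPRUN=$(/usr/bin/php -v | grep built | awk 'NR == 1 { print $2 }')
  PHPRPM=$(rpm_version php 2)
  PHPMATCH=$(versions_match "$PHPRUN" "$PHPRPM")
fi

# Exim
# Needs to be tested on RH box
EXIMON="0"
EXIMRUN="NULL"
EXIMRPM="NULL"
EXIMMATCH="NULL"
if [ -f /usr/sbin/exim ]; then
  EXIMON="1"
  EXIMRUN=$(/usr/sbin/exim -bV | grep version | awk 'NR == 1 { print $3 }')
  EXIMRPM=$(rpm_version exim 2)
  EXIMMATCH=$(versions_match "$EXIMRUN" "$EXIMRPM")
fi

# OpenSSL
# NOTE(review): some Red Hat builds print a suffix such as "-fips" after the
# version, which would never equal the RPM version field - confirm on a
# target host before trusting OSSLMATCH=0.
OSSLON="0"
OSSLRUN="NULL"
OSSLRPM="NULL"
OSSLMATCH="NULL"
if [ -f /usr/bin/openssl ]; then
  OSSLON="1"
  OSSLRUN=$(/usr/bin/openssl version | awk 'NR == 1 { print $2 }')
  OSSLRPM=$(rpm_version openssl 2)
  OSSLMATCH=$(versions_match "$OSSLRUN" "$OSSLRPM")
fi

# PERL
# Ask the interpreter for $^V directly; the wording of the `perl -v` banner
# differs between Perl releases, so picking a fixed word out of it is
# unreliable.
PERLON="0"
PERLRUN="NULL"
PERLRPM="NULL"
PERLMATCH="NULL"
if [ -f /usr/bin/perl ]; then
  PERLON="1"
  PERLRUN=$(/usr/bin/perl -e 'printf "%vd\n", $^V')
  PERLRPM=$(rpm_version perl 2)
  PERLMATCH=$(versions_match "$PERLRUN" "$PERLRPM")
fi

# PYTHON
PYON="0"
PYRUN="NULL"
PYRPM="NULL"
PYMATCH="NULL"
if [ -f /usr/bin/python ]; then
  PYON="1"
  PYRUN=$(/usr/bin/python -V 2>&1 | awk 'NR == 1 { print $2 }')
  PYRPM=$(rpm_version python 2)
  PYMATCH=$(versions_match "$PYRUN" "$PYRPM")
fi

# GPG
GPGON="0"
GPGRUN="NULL"
GPGRPM="NULL"
GPGMATCH="NULL"
if [ -f /usr/bin/gpg ]; then
  GPGON="1"
  GPGRUN=$(/usr/bin/gpg --version | grep gpg | awk 'NR == 1 { print $3 }')
  GPGRPM=$(rpm_version gnupg 2)
  GPGMATCH=$(versions_match "$GPGRUN" "$GPGRPM")
fi

# RPM
RPMON="0"
RPMRUN="NULL"
RPMRPM="NULL"
RPMMATCH="NULL"
if [ -f /bin/rpm ]; then
  RPMON="1"
  RPMRUN=$(/bin/rpm --version | awk 'NR == 1 { print $3 }')
  RPMRPM=$(rpm_version rpm 2)
  RPMMATCH=$(versions_match "$RPMRUN" "$RPMRPM")
fi

# SENDMAIL
# The version is read from the SMTP greeting on localhost:25. That banner is
# configurable and is sent by whatever MTA listens there, so treat SENDRUN
# as a hint only. -w bounds the wait so one unresponsive port cannot stall
# the audit.
SENDON="0"
SENDRUN="NULL"
SENDRPM="NULL"
SENDMATCH="NULL"
if [ -f /usr/sbin/sendmail ]; then
  SENDON="1"
  SENDRUN=$(printf 'quit\n' | nc -w 5 localhost 25 | grep Sendmail \
    | awk 'NR == 1 { print $5 }' | awk -F '/' '{ print $1 }')
  SENDRPM=$(rpm_version sendmail 2)
  SENDMATCH=$(versions_match "$SENDRUN" "$SENDRPM")
fi

### Non running packages
# Package names containing a hyphen push the version one field to the right.
BINDLIB=$(rpm_version bind-libs 3)
BINDUTIL=$(rpm_version bind-utils 3)
COREUTIL=$(rpm_version coreutils 2)
CHKCONFIG=$(rpm_version chkconfig 2)
INITSCR=$(rpm_version initscripts 2)
# redhat-release reports "<version>-<release>".
# NOTE(review): CentOS ships its release package under a different name, so
# this field is presumably "NULL" there - confirm.
RHRELEASE=$(rpm_version redhat-release 3 4)

# Emit the report as exactly one CSV line (52 fields). Every value is passed
# as a quoted printf argument, so no value is word-split or glob-expanded
# and the statement cannot break across lines.
print_report() {
  printf '%s,' \
    "$HOSTNAME" "$UNAME" \
    "$SSHMATCH" "$HTTPDMATCH" "$MYSQLMATCH" "$PHPMATCH" "$EXIMMATCH" \
    "$OSSLMATCH" "$PYMATCH" "$PERLMATCH" "$GPGMATCH" "$RPMMATCH" \
    "$SENDMATCH" \
    "$BINDLIB" "$BINDUTIL" "$COREUTIL" "$CHKCONFIG" "$INITSCR" "$RHRELEASE" \
    "$SSHON" "$SSHRUN" "$SSHRPM" \
    "$HTTPDON" "$HTTPDRUN" "$HTTPDRPM" \
    "$MYSQLON" "$MYSQLRUN" "$MYSQLRPM" \
    "$PHPON" "$PHPRUN" "$PHPRPM" \
    "$EXIMON" "$EXIMRUN" "$EXIMRPM" \
    "$OSSLON" "$OSSLRUN" "$OSSLRPM" \
    "$PERLON" "$PERLRUN" "$PERLRPM" \
    "$PYON" "$PYRUN" "$PYRPM" \
    "$GPGON" "$GPGRUN" "$GPGRPM" \
    "$RPMON" "$RPMRUN" "$RPMRPM" \
    "$SENDON" "$SENDRUN"
  printf '%s\n' "$SENDRPM"
}

print_report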
Note that you can modify the echo output to produce whatever output you need in order to present it in a nice human readable report.

