summaryrefslogtreecommitdiffstats
path: root/hosts/profitbricks-build2-amd64/usr
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/profitbricks-build2-amd64/usr')
-rwxr-xr-xhosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages362
-rwxr-xr-xhosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel252
-rwxr-xr-xhosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs204
3 files changed, 0 insertions, 818 deletions
diff --git a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages
deleted file mode 100755
index 28844e5a..00000000
--- a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-packages
+++ /dev/null
@@ -1,362 +0,0 @@
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter@palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-my $IGNORED = "/etc/nagios/obsolete-packages-ignore.d";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- my $line;
- my $has_arch = 0;
- while (defined($line = shift @lines) && ($line !~ /\+\+\+/)) {
- if ($line =~ /Architecture/) { $has_arch = 1; }
- }
-
- my %pkgs;
- for $line (@lines) {
- my ($state, $pkg, $version, $arch, undef) = split(/ */, $line);
- $arch = '' unless $has_arch;
- $pkgs{$state}{$pkg} = { 'installed' => $version, arch => $arch }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- my @installed_packages = keys(%$installed);
- my @cmd = ("apt-cache", "policy", @installed_packages);
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
- open (F, "-|", @cmd) or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
- chomp(@lines);
-
- my $pkgname = undef;
- my $candidate_found = 0;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- # when we have multi-arch capable fu, we require that
- # apt-cache policy output is in the same order as its
- # arguments.
- #
- # We needs thi, because the output block in apt-cache
- # policy does not show the arch:
- #
- # | weasel@stanley:~$ apt-cache policy libedit2:amd64
- # | libedit2:
- # | Installed: 2.11-20080614-5
- # | Candidate: 2.11-20080614-5
- #
- # We replace the package name in the output with the
- # one we asked for ($pkg:$arch) - but to match this up
- # sanely we need the order to be correct.
- #
- # For squeeze systems (no m-a), apt-cache policy output
- # is all different.
- $pkgname = $1;
- $candidate_found = 0;
- if ($has_arch) {
- my $from_list = shift @installed_packages;
- next if ($pkgname eq $from_list); # no :$arch in pkgname we asked for
-
- my $ma_fix_pkgname = $pkgname.':'.$installed->{$from_list}->{'arch'};
- my $ma_fix_from_list = $from_list.':'.$installed->{$from_list}->{'arch'};
-
- if ($pkgname eq $ma_fix_from_list || # e.g. ia32-libs-i386. dpkg -l: ia32-libs-i386, apt-cache policy: ia32-libs-i386:i386
- $ma_fix_pkgname eq $from_list) {
- $pkgname = $from_list;
- } else {
- die "Unexpected order mismatch in apt-cache policy output (apt-cache policy name: $pkgname - dpkg -l name: $from_list)\n";
- }
- }
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- # initialize security-update
- $installed->{$pkgname}{'security-update'} = 0;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ / ([^ ]+) [0-9]+/) {
- # check if the next lines show the sources of our candidate
- if ($1 eq $installed->{$pkgname}{'candidate'}) {
- $candidate_found = 1;
- }
- } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
- $installed->{$pkgname}{'security-update'} = 1;
- } elsif ($line =~ /^ +\*\*\*/) {
- $line = shift @lines;
- my @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- $candidate_found = 0;
- }
- }
-
- my (%current, %obsolete, %outofdate, %security_outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- if ($pkg->{'security-update'}) {
- $security_outofdate{$pkgname} = $pkg;
- } else {
- $outofdate{$pkgname} = $pkg;
- }
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'security_outofdate'} = \%security_outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefiles, $require_file) = @_;
-
- my @ignores;
-
- for my $ignoreitem (@$ignorefiles) {
- next if (!$require_file and ! -e $ignoreitem);
-
- my @filestoopen;
- if (-d $ignoreitem) {
- opendir(DIR, $ignoreitem) or die ("Cannot open dir $ignoreitem: $!\n");
- @filestoopen = readdir(DIR);
- closedir(DIR);
-
- @filestoopen = grep { -f ($ignoreitem.'/'.$_) } @filestoopen;
- @filestoopen = grep { /^([a-z0-9_.-]+)+[a-z0-9]+$/i } @filestoopen;
- @filestoopen = grep { !/dpkg-(old|dist|new|tmp)$/ } @filestoopen;
- @filestoopen = map { ($ignoreitem.'/'.$_) } @filestoopen;
- } else {
- push @filestoopen, $ignoreitem;
- }
-
- for my $f (@filestoopen) {
- open (F, "< $f") or die ("Cannot open $f: $!\n");
- push @ignores, <F>;
- close F;
- }
- }
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile|dir> [<ignorefile|dir> ...]]\n";
- exit $exit;
-}
-
-my $ignorefiles = [$IGNORE, $IGNORED];
-my $ignorefile_userset = 0;
-if (@ARGV >= 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile_userset = 1;
- $ignorefiles = \@ARGV;
-};
-
-my $ignores = load_ignores($ignorefiles, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs/loc",
- 'perf' => "obs_loc=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'perf' => "outdated=%d;1;5;0",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'perf' => "current=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs/loc(ignored)",
- 'perf' => "obs_ign=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'perf' => "rm_unprg=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'perf' => "hold=%d;;;0",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'perf' => "prg_conf=%d;1;;0",
- 'status' => 'WARNING' },
- { 'key' => 'security_outofdate',
- 'listpackages' => 1,
- 'long' => "%d packages with outstanding security updates: %s",
- 'short' => "%d security-updates",
- 'perf' => "security_outdated=%d;;1;0",
- 'status' => 'CRITICAL' },
- );
-
-my @longout;
-my @perfout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- push @perfout, sprintf($form->{'perf'}, $num);
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-my $perfout = "|".join(" ", @perfout);
-
-print $shortout,"\n";
-print $longout,"\n";
-print $perfout,"\n";
-
-exit $CODE{$EXITCODE};
diff --git a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel
deleted file mode 100755
index 80f45bfb..00000000
--- a/hosts/profitbricks-build2-amd64/usr/local/bin/dsa-check-running-kernel
+++ /dev/null
@@ -1,252 +0,0 @@
-#!/bin/bash
-
-# Check if the running kernel has the same version string as the on-disk
-# kernel image.
-
-# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
-# Copyright 2009 Stephen Gran
-# Copyright 2010,2012,2013 Uli Martens
-# Copyright 2011 Alexander Reichle-Schmehl
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-OK=0;
-WARNING=1;
-CRITICAL=2;
-UNKNOWN=3;
-
-get_offset() {
- local file needle
-
- file="$1"
- needle="$2"
-
- perl -e '
- undef $/;
- $i = 0; $k=<>;
- while (($i = index($k, "'"$needle"'", $i)) >= 0) {
- print $i++,"\n";
- }; ' < "$file"
-}
-
-get_avail() {
- # This is wrong, but leaves room for when we have to care for machines running
- # myfirstunix-image-0.1-dsa-arm
- local prefix="$1"; shift
-
- local kervers=$(uname -r)
-
- local metavers=''
-
- # DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
- # Debian uses versions of the form 2.6.29-2-amd64
- if [ "${kervers#3}" != "$kervers" ]; then
- metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
- elif [ "${kervers//dsa}" != "$kervers" ]; then
- metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
- else
- metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/')
- fi
-
- # Attempt to track back to a metapackage failed. bail
- if [ "$metavers" = "$kervers" ]; then
- return 2
- fi
-
- # We're just going to give up if we can't find a matching metapackage
- # I tried being strict once, and it just caused a lot of headaches. We'll see how
- # being lax does for us
-
- local output=$(apt-cache policy ${prefix}-image-${metavers} 2>/dev/null)
- local metaavailvers=$(echo "$output" | grep '^ Candidate:' | awk '{print $2}')
- local metainstavers=$(echo "$output" | grep '^ Installed:' | awk '{print $2}')
-
- if [ -z "$metaavailvers" ] || [ "$metaavailvers" = '(none)' ]; then
- return 2
- fi
- if [ -z "$metainstavers" ] || [ "$metainstavers" = '(none)' ]; then
- return 2
- fi
-
- if [ "$metaavailvers" != "$metainstavers" ] ; then
- echo "${prefix}-image-${metavers} $metaavailvers available but $metainstavers installed"
- return 1
- fi
-
- local imagename=0
- # --no-all-versions show shows only the candidate
- for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do
- if dpkg --compare-versions "1.$vers" gt "1.$imagename"; then
- imagename=$vers
- fi
- done
-
- if [ -z "$imagename" ] || [ "$imagename" = 0 ]; then
- return 2
- fi
-
- if [ "$imagename" != "${prefix}-image-${kervers}" ]; then
- if dpkg --compare-versions 1."$imagename" lt 1."${prefix}-image-${kervers}"; then
- return 2
- fi
- echo "$imagename" != "${prefix}-image-${kervers}"
- return 1
- fi
-
- local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^ Candidate' | awk '{print $2}')
- local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^ Installed:' | awk '{print $2}')
-
- if [ "$availvrs" = "$kernelversion" ]; then
- return 0
- fi
-
- echo "$kernelversion != $availvrs"
- return 1
-}
-
-cat_vmlinux() {
- local image header filter hdroff
-
- image="$1"
- header="$2"
- filter="$3"
- hdroff="$4"
-
- get_offset "$image" $header | head -n 5 | while read off; do
- (if [ "$off" != 0 ]; then
- dd ibs="$((off+hdroff))" skip=1 count=0
- fi &&
- dd bs=512k) < "$image" 2>/dev/null | $filter 2>/dev/null
- done
-}
-
-get_image_linux() {
- local image
-
- image="$1"
-
- # gzip compressed image
- cat_vmlinux "$image" "\x1f\x8b\x08\x00" "zcat" 0
- cat_vmlinux "$image" "\x1f\x8b\x08\x08" "zcat" 0
- # lzma compressed image
- cat_vmlinux "$image" "\x00\x00\x00\x02\xff" "xzcat" -1
- cat_vmlinux "$image" "\x00\x00\x00\x04\xff" "xzcat" -1
- # xz compressed image
- cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat" 0
-
- echo "ERROR: Unable to extract kernel image." 2>&1
- exit 1
-}
-
-
-freebsd_check_running_version() {
- local imagefile="$1"; shift
-
- local r="$(uname -r)"
- local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
-
- local q='@(#)FreeBSD '"$r $v"
-
- if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
- echo "OK"
- else
- echo "not OK"
- fi
-}
-
-STRINGS="";
-if [ -x "$(which strings)" ]; then
- STRINGS="$(which strings)"
-elif [ -x "$(which busybox)" -a "$( echo foobar | $(which busybox) strings 2>/dev/null)" = "foobar" ]; then
- STRINGS="$(which busybox) strings"
-fi
-
-searched=""
-for on_disk in \
- "/boot/vmlinuz-`uname -r`"\
- "/boot/vmlinux-`uname -r`"\
- "/boot/kfreebsd-`uname -r`.gz"; do
-
- if [ -e "$on_disk" ]; then
- if [ -z "$STRINGS" ]; then
- echo "UNKNOWN: 'strings' command missing, perhaps install binutils or busybox?"
- exit $UNKNOWN
- fi
- if [ "${on_disk/vmlinu}" != "$on_disk" ]; then
- on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
- if [ -x /usr/bin/lsb_release ] ; then
- vendor=$(lsb_release -i -s)
- if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then
- on_disk_version=$( echo $on_disk_version|sed -e "s/ ($vendor [[:alnum:]\.-]\+ [[:alnum:]\.]\+)//")
- fi
- fi
- [ -z "$on_disk_version" ] || break
- on_disk_version="`cat "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
- [ -z "$on_disk_version" ] || break
-
- echo "UNKNOWN: Failed to get a version string from image $on_disk"
- exit $UNKNOWN
- else
- on_disk_version="$(zcat $on_disk | $STRINGS | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')"
- fi
- fi
- searched="$searched $on_disk"
-done
-
-if ! [ -e "$on_disk" ]; then
- echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
- exit $WARNING
-fi
-
-if [ "$(uname -s)" = "Linux" ]; then
- running_version="`cat /proc/version`"
- if [ -z "$running_version" ] ; then
- echo "UNKNOWN: Failed to get a version string from running system"
- exit $UNKNOWN
- fi
-
- if [ "$running_version" != "$on_disk_version" ]; then
- echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
- exit $WARNING
- fi
-
- ret="$(get_avail linux)"
- if [ $? = 1 ]; then
- echo "WARNING: Kernel needs upgrade [$ret]"
- exit $WARNING
- fi
-else
- image_current=$(freebsd_check_running_version $on_disk)
- running_version="`uname -s` `uname -r` `uname -v`"
- if [ "$image_current" != "OK" ]; then
- approx_time="$(date -d "@`stat -c '%Y' "$on_disk"`" +"%Y-%m-%d %H:%M:%S")"
- echo "WARNING: Currently running kernel ($running_version) does not match on disk image (~ $approx_time)"
- exit $WARNING;
- fi
-
- ret="$(get_avail linux)"
- if [ $? = 1 ]; then
- echo "WARNING: Kernel needs upgrade [$ret]"
- exit $WARNING
- fi
-fi
-
-echo "OK: Running kernel matches on disk image: [$running_version]"
-exit $OK
diff --git a/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs
deleted file mode 100755
index 77b37805..00000000
--- a/hosts/profitbricks-build2-amd64/usr/local/sbin/nagios-check-libs
+++ /dev/null
@@ -1,204 +0,0 @@
-#!/usr/bin/perl -w
-
-# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter@palfrader.org>
-# 2012 Uli Martens <uli@youam.net>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use English;
-use Getopt::Long;
-
-$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-my $LSOF = '/usr/bin/lsof -F0';
-my $VERSION = '0.2015012901';
-
-# nagios exit codes
-my $OK = 0;
-my $WARNING = 1;
-my $CRITICAL = 2;
-my $UNKNOWN = 3;
-
-my $params;
-my $config;
-
-Getopt::Long::config('bundling');
-
-sub dief {
- print STDERR @_;
- exit $UNKNOWN;
-}
-
-if (!GetOptions (
- '--help' => \$params->{'help'},
- '--version' => \$params->{'version'},
- '--quiet' => \$params->{'quiet'},
- '--verbose' => \$params->{'verbose'},
- '-v' => \$params->{'verbose'},
- '--config=s' => \$params->{'config'},
- )) {
- dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
-};
-if ($params->{'help'}) {
- print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
- print "Reports processes that are linked against libraries that no longer exist.\n";
- print "The optional config file can specify ignore rules - see the sample config file.\n";
- exit (0);
-};
-if ($params->{'version'}) {
- print "nagios-check-libs $VERSION\n";
- print "nagios check for availability of debian (security) updates\n";
- print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter\@palfrader.org>\n";
- exit (0);
-};
-
-if (! defined $params->{'config'}) {
- $params->{'config'} = '/etc/nagios/check-libs.conf';
-} elsif (! -e $params->{'config'}) {
- dief("Config file $params->{'config'} does not exist.\n");
-}
-
-if (-e $params->{'config'}) {
- eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file";
- open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!";
- $config = LoadFile($fh);
- close($fh);
- if (!(ref($config) eq "HASH")) {
- dief("Loaded config is not a hash!\n");
- }
-} else {
- $config = {
- 'ignorelist' => [
- '$path =~ m#^/proc/#',
- '$path =~ m#^/var/tmp/#',
- '$path =~ m#^/SYS#',
- '$path =~ m#^/drm$# # xserver stuff',
- '$path =~ m#^/dev/zero#',
- '$path =~ m#^/dev/shm/#',
- ]
- };
-}
-
-if (! exists $config->{'ignorelist'}) {
- $config->{'ignorelist'} = [];
-} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) {
- dief("Config->ignorelist is not an array!\n");
-}
-
-
-my %processes;
-
-sub getPIDs($$) {
- my ($user, $process) = @_;
- return join(', ', sort keys %{ $processes{$user}->{$process} });
-};
-sub getProcs($) {
- my ($user) = @_;
-
- return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} }));
-};
-sub getUsers() {
- return join('; ', (map { $_.': '.getProcs($_) } (sort {$a cmp $b} keys %processes)));
-};
-sub inVserver() {
- my ($f, $key);
- if (-e "/proc/self/vinfo" ) {
- $f = "/proc/self/vinfo";
- $key = "XID";
- } else {
- $f = "/proc/self/status";
- $key = "s_context";
- };
- open(F, "< $f") or return 0;
- while (<F>) {
- my ($k, $v) = split(/: */, $_, 2);
- if ($k eq $key) {
- close F;
- return ($v > 0);
- };
- };
- close F;
- return 0;
-}
-
-my $INVSERVER = inVserver();
-
-print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
-open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n");
-my @lsof=<LSOF>;
-close LSOF;
-if ($CHILD_ERROR) { # program failed
- dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
-};
-
-my ($process, $pid, $user);
-LINE: for my $line (@lsof) {
- if ( $line =~ /^p/ ) {
- my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
- $process = $fields{c};
- $pid = $fields{p};
- $user = $fields{L};
- next;
- }
-
- unless ( $line =~ /^f/ ) {
- dief("UNKNOWN strange line read from lsof\n");
- # don't print it because it contains NULL characters...
- }
-
- my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
-
- my $fd = $fields{f};
- my $inode = $fields{i};
- my $path = $fields{n};
- if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
- my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
- next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
- next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
-
- $path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
- for my $i (@{$config->{'ignorelist'}}) {
- my $ignore = eval($i);
- next LINE if $ignore;
- }
- next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root'));
- if ( $params->{'verbose'} ) {
- print STDERR "adding $process($pid) because of [$path]:\n";
- print STDERR $line;
- }
- $processes{$user}->{$process}->{$pid} = 1;
- };
-};
-
-
-
-my $message='';
-my $exit = $OK;
-if (keys %processes) {
- $exit = $WARNING;
- $message = 'The following processes have libs linked that were upgraded: '. getUsers()."\n";
-} else {
- $message = "No upgraded libs linked in running processes\n" unless $params->{'quiet'};
-};
-
-print $message;
-exit $exit;