Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added OS Security updates (for YUM only so far) #373

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

wimg
Copy link

@wimg wimg commented Aug 7, 2021

Adds OS Security updates, useful when managing tons of servers to avoid notification fatigue caused by non-stop updates of packages.
This way, security updates can be placed in a rule separately from standard os updates.

Submitted the librenms repo part in librenms/librenms#13117

@CLAassistant
Copy link

CLAassistant commented Aug 7, 2021

CLA assistant check
All committers have signed the CLA.

@SourceDoctor
Copy link
Member

why not enhance osupdate plugin with this?
creating another OS Update Plugin makes no sense

@wimg
Copy link
Author

wimg commented Aug 8, 2021

why not enhance osupdate plugin with this?
creating another OS Update Plugin makes no sense

I agree that might make more sense, but not all distros seem to have a reliable way of listing only security updates (apt-based for example seem to have an issue with this) and so modifying the entire osupdate plugin seemed a bit overkill.

Honestly I don't know librenms well enough to get started on that either.

@SourceDoctor
Copy link
Member

osupdate Script returns a Number.
fastest way would be to enhance this to a comma seperated list
and second field stays "Null" if no Sequrity Update Count is possible.

I personaly would prefer a line of this value in existing OS Update graph.
So you can see how many Update are open, and how many of them are Security Updates

take a look into smart Script to see an example

snmp/osupdate Outdated Show resolved Hide resolved
snmp/osupdate Outdated Show resolved Hide resolved
@wimg
Copy link
Author

wimg commented Aug 8, 2021

Not really sure why it was doing :
echo $(($UPDATES-1));
in many places. With yum it's definitely not correct (unless you have some kind of problem with your setup), so I changed that to not do the -1.

Added OS Security updates (for YUM only so far)

Added OS Security updates (for YUM only so far)

Added OS Security updates (for YUM only so far)

Added OS Security updates (for YUM only so far)

Added OS Security updates (for YUM only so far)
@wimg
Copy link
Author

wimg commented Aug 8, 2021

2 things that are not working :

  • The RRD is giving an error because it suddenly has an extra line
  • Alerting (the whole point) doesn't work with comma separated values... so now alerting is broken even for the standard osupdates...

@SourceDoctor
Copy link
Member

yeah updateing RRD is not such easy so do it in a separate RRD

you have to update osupdate Poller in LibreNMS also, so i splits by comma

@wimg
Copy link
Author

wimg commented Aug 8, 2021

yeah updateing RRD is not such easy so do it in a separate RRD

you have to update osupdate Poller in LibreNMS also, so i splits by comma

I did that, but the RRD is a problem of course. Will look into that later this week.

@mpikzink
Copy link
Contributor

mpikzink commented Aug 9, 2021

Very useful feature for us admins!!

Some Idea for APT

apt-get --just-print upgrade |awk '/standard security updates/ {print $1}'

@SourceDoctor
Copy link
Member

@mpikzink
seems to be usefull
@wimg
could you implemnt this also?

so apt and yum are supporting this feature ...

@wimg
Copy link
Author

wimg commented Aug 16, 2021

@wimg
could you implemnt this also?

I will, once I get to it. Currently swamped with other things, so it will take up to a few weeks.

@mpikzink
Copy link
Contributor

Any news here? I am already waiting eagerly for the PR :-)

@wimg
Copy link
Author

wimg commented Jul 12, 2022

After using it for a while, we disabled it. It's often causing timeouts on SNMP, so I wouldn't recommend anything like this. Sadly it seems there won't be a PR coming anymore from us, since it's causing too many problems.
It might be best to look for an alternative solution.

@VVelox
Copy link
Collaborator

VVelox commented Jul 28, 2022

After using it for a while, we disabled it. It's often causing timeouts on SNMP, so I wouldn't recommend anything like this. Sadly it seems there won't be a PR coming anymore from us, since it's causing too many problems. It might be best to look for an alternative solution.

There is a easy fix for this. Run it via cron every 5 minutes every so often and dump the output to a file. Then just have snmpd cat that file.

Sneck, Opensearch, and several of mine require something similar to this as there is a the likely hood of them completing in a timely manner is very unlikely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants