zshfunc/upgrade-debian-samhain


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

## vim:ft=zsh:foldmethod=marker

local i

for i in $DEBHOSTS; do
	mkdir hosts/$i 2> /dev/null || continue;
	echo $i
	preexec $i;
	ssh $i -t '
		didsudo=0
		check() {
			sudo /usr/sbin/samhain -t check -i -p err -s none -l none -m none
		};
		reinit() {
			if [ "`check 2>&1 | grep "^CRIT" | wc -l`" != 0 ]; then
				echo Updating samhain db...
				sudo samhain --foreground -t update
				didsudo=1
				echo done.
			fi
		}
		if [ -x /usr/sbin/samhain ]; then
			t="`tempfile`";
			trap "rm -f $t" 0 1 2 5 15;
			check > "$t" 2>&1;
			if [ "`grep "^CRIT" "$t" | wc -l`" != 0 ]; then
				echo "samhain db errors found:";
				sed -e "s/.*path=<\([^>]*\)>, .*/\1/" "$t";
				echo;
				echo "Enter 'y' to continue upgrade and update samhaindb for `hostname`";
				read ans;
				[ "$ans" = "y" ] || exit;
			fi;
		fi
		sudo apt-get update &&
		sudo apt-get dist-upgrade &&
		sudo apt-get clean &&
		[ -x /usr/sbin/samhain ] && reinit
		if [ "$didsudo" = 1 ]; then
			echo Updating nagios status
			echo "apt"
			sudo /usr/sbin/dsa-update-apt-status
			echo "samhain"
			grep -q OK /var/cache/dsa/nagios/samhain || sudo dsa-update-samhain-status
			echo done.
		fi
	';
done