Check rpm-updates

Overview

Checks for available RPM package updates on RHEL, CentOS, Fedora, and compatible systems. Reports the number and type of available advisories (bugfix, enhancement, security). This check only lists updates and never actually installs anything.

Important Notes:

  • The --query parameter accepts an SQL WHERE clause to filter the list of available updates. The following database columns can be used:

    • arch (TEXT)

    • package (TEXT)

    • repo_installed (TEXT)

    • repo_upgrade (TEXT)

    • version_installed (TEXT)

    • version_upgrade (TEXT)

  • The „Type“ column in the output lists the type of update for each intermediate version. Abbreviation meanings:

    • B: Bugfix

    • E: Enhancement

    • S: Security

    • U: Unspecified

    • no character: unknown

Data Collection:

  • Executes yum list --upgrades, yum list --installed, and yum updateinfo list --available

  • Stores all package and advisory information in a local SQLite database for SQL-based filtering via --query

  • Plugin execution may take more than 10 seconds due to yum operations (default timeout: 120 seconds)

Fact Sheet

Fact

Value

Check Plugin Download

https://github.com/Linuxfabrik/monitoring-plugins/tree/main/check-plugins/rpm-updates

Nagios/Icinga Check Name

check_rpm_updates

Check Interval Recommendation

Every day

Can be called without parameters

Yes

Runs on

Linux

Compiled for Windows

No

Uses SQLite DBs

$TEMP/linuxfabrik-monitoring-plugins-rpm-updates.db

Help

usage: rpm-updates [-h] [-V] [--always-ok] [--only-critical] [--query QUERY]
                   [--test TEST] [--timeout TIMEOUT] [-w WARN]

Checks for available RPM package updates on RHEL, CentOS, Fedora, and
compatible systems. Reports the number and type of available advisories
(bugfix, enhancement, security). Alerts when updates are available. This check
only lists updates and never actually installs anything.

options:
  -h, --help          show this help message and exit
  -V, --version       show program's version number and exit
  --always-ok         Always returns OK.
  --only-critical     Only report security updates and upgrades.
  --query QUERY       SQL WHERE clause to filter the list of available
                      updates. Supports regular expressions via a REGEXP
                      statement. See the README for a list of available
                      columns. If specified, a list of matching updates is
                      printed. Example: `--query='package like "bind9-%"'`.
                      Default: 1
  --test TEST         For unit tests. Needs "path-to-stdout-file,path-to-
                      stderr-file,expected-retc".
  --timeout TIMEOUT   Network timeout in seconds. Default: 120 (seconds)
  -w, --warning WARN  Minimum number of available updates to return WARNING.
                      Default: 1

Usage Examples

./rpm-updates --only-critical --query='package in ("audit", "bind-utils", "gcc-c++")'

Output:

30 updates available. [WARNING]

Package    ! Installed     ! Upgrade to           ! Type 
-----------+---------------+----------------------+------
audit      ! 3.0.7-5       ! 3.1.2-1              ! B    
bind-utils ! 32:9.11.36-11 ! 32:9.11.36-16.el8_10 !      
gcc-c++    ! 8.5.0-20      ! 8.5.0-26             ! BSB

States

  • OK if the number of available updates is below --warning.

  • WARN if the number of updatable packages meets or exceeds --warning (default: 1).

  • --always-ok suppresses all alerts and always returns OK.

Perfdata / Metrics

Name

Type

Description

updates

Number

Number of updatable packages matching the current --query.

Credits, License