Shell Script for Apt-Get Security Based Updates


I’ve been slowly working this script into a cheap way of notifying me of updates available for Linux instances (Ubuntu-specific), instead of a purchased product or managed solution. It’s not fancy, flashy, API driven, cloud hosted, OAuth authenticating, or any other buzzwords. It does work though…

#!/bin/bash

#-------------------------------------------------------------------------------------------------#
#- Name....: checkSecurityupdates.sh
#- Notes...:
#-------------------------------------------------------------------------------------------------#

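# create fresh securities file each run
# "--" stops grep from parsing "-security" as options; the redirect is done by this
# shell, so the whole script has to run as root (sudo on the second grep had no effect)
grep -- "-security" /etc/apt/sources.list | grep -v "#" > /etc/apt/security.sources.list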
echo "created security specific source list"


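# Create the security file list
# SourceParts="-" keeps /etc/apt/sources.list.d out of the run; answering "n" to the
# confirmation prompt means nothing is installed
echo 'n' | apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts="-" > /root/securities-to-update.txt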
echo "created list of security updates"



# What's the mimetype
get_mimetype(){
  # warning: assumes that the passed file exists
  file --mime-type "$1" | sed 's/.*: //'
}


# some variables

from="SecUpdates-Report@example.com"
to="monitor-this-mailbox@example.com"
subject=$(hostname)
boundary="ZZ_/afg6432dfgkl.94531q"
body="Please see attached"
declare -a attachments
# full path, so the report is found whatever directory the script runs from
attachments=( "/root/securities-to-update.txt" )

# Build headers
{

printf '%s\n' "From: $from
To: $to
Subject: $subject
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=\"$boundary\"

--${boundary}
Content-Type: text/plain; charset=\"US-ASCII\"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

$body
"

# now loop over the attachments, guess the type
# and produce the corresponding part, encoded base64
for file in "${attachments[@]}"; do

  [ ! -f "$file" ] && echo "Warning: attachment $file not found, skipping" >&2 && continue

  mimetype=$(get_mimetype "$file")

  printf '%s\n' "--${boundary}
Content-Type: $mimetype
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=\"$(basename "$file")\"
"

  base64 "$file"
  echo
done

# print last boundary with closing --
printf '%s\n' "--${boundary}--"

} | sendmail -t -oi   
echo "sent security updates list"



# cleanup security files
rm /etc/apt/security.sources.list
rm /root/securities-to-update.txt
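
Another way to build the same list, as an added example that is not part of the original script: filter the output of `apt-get -s upgrade` (simulate, nothing is installed) for packages whose candidate version comes from a `-security` pocket, so no temporary sources file is needed. The function names and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the post's script): list upgrades that come from a
# *-security pocket by parsing `apt-get -s upgrade` (simulation) output.

# Reads simulation output on stdin and prints "package old-version new-version"
# for each "Inst" line whose origin list names a -security pocket.
security_upgrades() {
  awk '
    $1 == "Inst" {
      # Only look at the parenthesised part, so a package whose *name*
      # contains "-security" is not mistaken for a security update.
      origin = substr($0, index($0, "("))
      if (origin !~ /\/[a-z]+-security/) next
      old = "-"; n = 3
      if ($3 ~ /^\[/) { old = substr($3, 2, length($3) - 2); n = 4 }
      print $2, old, substr($n, 2)
    }'
}

# Constructed sample output (package names and versions are made up).
sample_simulation() {
  cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libexample1 example-security-tools openexample
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libexample1 [1.0-1ubuntu1] (1.0-1ubuntu1.2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst example-security-tools [2.3-1] (2.4-1 Ubuntu:22.04/jammy-updates [all])
Inst openexample [1:8.9p1-3] (1:8.9p1-3ubuntu0.1 Ubuntu:22.04/jammy-security [amd64])
Conf libexample1 (1.0-1ubuntu1.2 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Conf example-security-tools (2.4-1 Ubuntu:22.04/jammy-updates [all])
Conf openexample (1:8.9p1-3ubuntu0.1 Ubuntu:22.04/jammy-security [amd64])
EOF
}

# On a real host: apt-get -s upgrade | security_upgrades
sample_simulation | security_upgrades
```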
