yum update script

So the other week I was working on my dedicated box, just to make it a bit easier to work with in the future. One of the things I was trying to understand and learn was yum update and bash scripting. So why not combine the two? Right? This blog entry is the result, hopefully also of some use to others.

I am on a CentOS 5 (5.2) 32-bit server, and I use yum to update, delete, upgrade, and install packages. That makes it a bit easier for me to run my server and keep it up to date. For example, when there are one or more updates you can type yum update, or yum upgrade to get everything. Anyway, look into that if you're interested: http://prefetch.net/articles/yum.html

So once in a while when you log into your box you can run yum upgrade and have it do its thing. This should help you fix known bugs, upgrade to newer releases, and fix known security issues. This doesn't sound like a bad thing.

But when I log in over SSH2 I am not a root user, and I am there for other tasks, so it is really easy to forget. And because I don't trust a crontab entry to auto-upgrade and overwrite config files, etc., I prefer to actually "be there" when it happens and have the choice to answer y/n to questions.

What I can do is install a crontab entry that runs a script daily. This script can check if there are updates, and emails me if that's the case. This way I don't have to think about it really and it just goes to my Gmail "server" label.

In my crontab I put the following:
0 0 * * * /etc/scripts/checkyum

And the checkyum script looks like this:
#!/bin/sh
#
# Program: E-mail available yum updates <checkyum>
#
# Original Author: Matty < matty91 at gmail dot com >
# Updated by Floris for personal use.
#
# Current Version: 1.2.Floris
#
# License:
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#

PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH

# Locations of binaries
GREP="/bin/grep"
HOST=`hostname`
MAIL="/bin/mail"
MKTEMP="/bin/mktemp"
YUM="/usr/bin/yum"

# Who to E-mail with new updates
ADMIN="YOUR@EMAIL"

if [ ! -f "${YUM}" ]
then
    echo "Cannot find ${YUM}"
    exit 1
fi

if [ ! -f "${MKTEMP}" ]
then
    echo "Cannot find ${MKTEMP}"
    exit 1
fi

if [ ! -f "${MAIL}" ]
then
    echo "Cannot find ${MAIL}"
    exit 1
fi

if [ ! -f "${GREP}" ]
then
    echo "Cannot find ${GREP}"
    exit 1
fi

# Dump the yum results to a safe working file
WORK=`${MKTEMP} /tmp/yum.results.XXXXXX`

${YUM} -e0 -d0 check-update > "${WORK}"

# If there are updates available, E-mail them to ${ADMIN}
if [ -s "${WORK}" ]
then
    REPORT=`${MKTEMP} /tmp/yum.report.XXXXXX`
    echo "==== The following updates are available for ${HOST} ===" > "${REPORT}"
    cat "${WORK}" >> "${REPORT}"
    # Use the configured mail binary and recipient, with a subject line
    ${MAIL} -s "yum updates for ${HOST}" "${ADMIN}" < "${REPORT}"
    # The report file only exists when there was something to send
    rm -f "${REPORT}"
fi

# Cleanup temporary files
rm -f "${WORK}"

There's nothing else to it, and every so often you get an email that looks like this:
==== The following updates are available for YOUR_SERVER ===
nss_ldap.i386                            253-13.el5_2.1         updates

Which you can ignore, or you can go into the box, and run yum upgrade to process it.
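
An added example, not part of the original checkyum script: the script above mails only when check-update writes something to stdout, so a check that fails without output is indistinguishable from "no updates". This variant branches on yum's exit status instead (0 = no updates, 100 = updates available, anything else = the check failed). The names build_report and checkyum_main and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original checkyum: decide on yum's exit status.
# yum check-update exits 0 (no updates), 100 (updates available),
# or another value when the check itself failed.
YUM="${YUM:-/usr/bin/yum}"   # overridable, so a stub can stand in for yum
ADMIN="YOUR@EMAIL"           # placeholder, as in the script above

# build_report HOST OUTFILE  (hypothetical helper)
# Returns 0 = nothing to send, 1 = update list written to OUTFILE,
#         2 = failure notice written to OUTFILE
build_report() {
    host="$1"
    out="$2"
    work=`mktemp /tmp/yum.results.XXXXXX` ||
        { echo "mktemp failed on ${host}" > "${out}"; return 2; }

    # Capture stderr too, so a failure notice carries yum's own message
    "${YUM}" -e0 -d0 check-update > "${work}" 2>&1
    status=$?

    case "${status}" in
        0)   result=0 ;;
        100) echo "==== The following updates are available for ${host} ===" > "${out}"
             cat "${work}" >> "${out}"
             result=1 ;;
        *)   echo "==== yum check-update FAILED on ${host} (exit ${status}) ===" > "${out}"
             cat "${work}" >> "${out}"
             result=2 ;;
    esac
    rm -f "${work}"
    return "${result}"
}

# checkyum_main (hypothetical): mail the report unless there is nothing to say
checkyum_main() {
    report=`mktemp /tmp/yum.report.XXXXXX` || exit 1
    if ! build_report "`hostname`" "${report}"
    then
        mail -s "yum status for `hostname`" "${ADMIN}" < "${report}"
    fi
    rm -f "${report}"
}

# Cron entry would call this file with --run; without it nothing is executed
if [ "${1:-}" = "--run" ]; then checkyum_main; fi
```

With this version a broken repository or network problem produces a "FAILED" mail instead of silence, so missing mail really does mean there is nothing to install.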

Hm, I likey!
