diff --git a/files/nrpe/check_reboot_required b/files/nrpe/check_reboot_required new file mode 100755 index 0000000..08110e9 --- /dev/null +++ b/files/nrpe/check_reboot_required @@ -0,0 +1,106 @@ +#!/bin/bash +# +# Nagios/Icinga2 plugin to check if the system requires a reboot. +# +# Supported distributions: +# - Debian / Ubuntu : checks /run/reboot-required (written by unattended-upgrades +# or update-notifier after kernel/libc upgrades) +# +# Exit codes: +# 0 - OK : No reboot required. +# 1 - WARNING : (not used) +# 2 - CRITICAL : System needs to be rebooted. +# 3 - UNKNOWN : Cannot determine reboot status. +# +# Usage: check_reboot_required [-v] [-r] +# -v Verbose: also print the list of packages that triggered the requirement. +# -r Reset: remove /run/reboot-required (and .pkgs) to clear the alert. +# Requires root privileges (or sudo). +# + +# --- Nagios exit codes --- +STATE_OK=0 +STATE_WARNING=1 +STATE_CRITICAL=2 +STATE_UNKNOWN=3 + +VERBOSE=0 +RESET=0 + +while getopts "vr" opt; do + case $opt in + v) VERBOSE=1 ;; + r) RESET=1 ;; + *) echo "Usage: $0 [-v] [-r]"; exit $STATE_UNKNOWN ;; + esac +done + +# ----------------------------------------------------------------------- +# Reset: remove /run/reboot-required to clear the alert +# ----------------------------------------------------------------------- +if [ "$RESET" -eq 1 ]; then + if [ ! -f /run/reboot-required ]; then + echo "OK: /run/reboot-required does not exist, nothing to clear." + exit $STATE_OK + fi + rm -f /run/reboot-required /run/reboot-required.pkgs 2>/dev/null + if [ $? -eq 0 ]; then + echo "OK: /run/reboot-required cleared successfully." + exit $STATE_OK + else + echo "UNKNOWN: Failed to remove /run/reboot-required (permission denied?)" + exit $STATE_UNKNOWN + fi +fi + +# ----------------------------------------------------------------------- +# Helper: build a human-readable package list from /run/reboot-required.pkgs +# ----------------------------------------------------------------------- +_debian_pkg_list() { + local pkgs_file="/run/reboot-required.pkgs" + if [ -f "$pkgs_file" ] && [ -s "$pkgs_file" ]; then + # Deduplicate, sort, join on commas + sort -u "$pkgs_file" | tr '\n' ',' | sed 's/,$//' | sed 's/,/, /g' + else + echo "(package list unavailable)" + fi +} + +# ----------------------------------------------------------------------- +# Debian / Ubuntu path +# ----------------------------------------------------------------------- +if [ -f /run/reboot-required ]; then + if [ "$VERBOSE" -eq 1 ]; then + pkg_list=$(_debian_pkg_list) + echo "CRITICAL: Reboot required. Triggering packages: ${pkg_list}" + else + echo "CRITICAL: Reboot required." + fi + exit $STATE_CRITICAL +fi + +# ----------------------------------------------------------------------- +# Fallback: compare running kernel with installed kernel +# ----------------------------------------------------------------------- +running_kernel=$(uname -r) + +# Try Debian/Ubuntu kernel package name +if command -v dpkg >/dev/null 2>&1; then + installed_kernel=$(dpkg -l "linux-image-*" 2>/dev/null \ + | awk '/^ii/{print $2}' \ + | sed 's/linux-image-//' \ + | grep -E '^[0-9]' \ + | sort -V \ + | tail -1) + + if [ -n "$installed_kernel" ] && [ "$installed_kernel" != "$running_kernel" ]; then + echo "CRITICAL: Reboot required. Running kernel: ${running_kernel}, latest installed: ${installed_kernel}." + exit $STATE_CRITICAL + elif [ -n "$installed_kernel" ]; then + echo "OK: No reboot required. Running kernel: ${running_kernel}." + exit $STATE_OK + fi +fi + +echo "UNKNOWN: Unable to determine if a reboot is required on this system." +exit $STATE_UNKNOWN diff --git a/templates/nrpe.j2 b/templates/nrpe.j2 index 60437e3..d2a8a9f 100644 --- a/templates/nrpe.j2 +++ b/templates/nrpe.j2 @@ -20,6 +20,7 @@ command[check_proc_age_{{ process }}]=/usr/lib/nagios/plugins/check_proc_age -p {% endif %} command[check_systemd_failed]=/usr/lib/nagios/plugins/check_systemd_failed command[check_needrestart]=/usr/lib/nagios/plugins/check_needrestart +command[check_reboot_required]=/usr/lib/nagios/plugins/check_reboot_required # disk # -w <%>: Warning threshold for block usage.