add check_reboot_required

Co-authored-by: Copilot <copilot@github.com>

files/nrpe/check_reboot_required

@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Nagios/Icinga2 plugin to check if the system requires a reboot.
+#
+# Supported distributions:
+#   - Debian / Ubuntu : checks /run/reboot-required (written by unattended-upgrades
+#     or update-notifier after kernel/libc upgrades)
+#
+# Exit codes:
+#   0 - OK       : No reboot required.
+#   1 - WARNING  : (not used)
+#   2 - CRITICAL : System needs to be rebooted.
+#   3 - UNKNOWN  : Cannot determine reboot status.
+#
+# Usage: check_reboot_required [-v] [-r]
+#   -v  Verbose: also print the list of packages that triggered the requirement.
+#   -r  Reset: remove /run/reboot-required (and .pkgs) to clear the alert.
+#       Requires root privileges (or sudo).
+#
+
+# --- Nagios exit codes ---
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+
+VERBOSE=0
+RESET=0
+
+while getopts "vr" opt; do
+    case $opt in
+        v) VERBOSE=1 ;;
+        r) RESET=1 ;;
+        *) echo "Usage: $0 [-v] [-r]"; exit $STATE_UNKNOWN ;;
+    esac
+done
+
+# -----------------------------------------------------------------------
+# Reset: remove /run/reboot-required to clear the alert
+# -----------------------------------------------------------------------
+if [ "$RESET" -eq 1 ]; then
+    if [ ! -f /run/reboot-required ]; then
+        echo "OK: /run/reboot-required does not exist, nothing to clear."
+        exit $STATE_OK
+    fi
+    rm -f /run/reboot-required /run/reboot-required.pkgs 2>/dev/null
+    if [ $? -eq 0 ]; then
+        echo "OK: /run/reboot-required cleared successfully."
+        exit $STATE_OK
+    else
+        echo "UNKNOWN: Failed to remove /run/reboot-required (permission denied?)"
+        exit $STATE_UNKNOWN
+    fi
+fi
+
+# -----------------------------------------------------------------------
+# Helper: build a human-readable package list from /run/reboot-required.pkgs
+# -----------------------------------------------------------------------
+_debian_pkg_list() {
+    local pkgs_file="/run/reboot-required.pkgs"
+    if [ -f "$pkgs_file" ] && [ -s "$pkgs_file" ]; then
+        # Deduplicate, sort, join on commas
+        sort -u "$pkgs_file" | tr '\n' ',' | sed 's/,$//' | sed 's/,/, /g'
+    else
+        echo "(package list unavailable)"
+    fi
+}
+
+# -----------------------------------------------------------------------
+# Debian / Ubuntu path
+# -----------------------------------------------------------------------
+if [ -f /run/reboot-required ]; then
+    if [ "$VERBOSE" -eq 1 ]; then
+        pkg_list=$(_debian_pkg_list)
+        echo "CRITICAL: Reboot required. Triggering packages: ${pkg_list}"
+    else
+        echo "CRITICAL: Reboot required."
+    fi
+    exit $STATE_CRITICAL
+fi
+
+# -----------------------------------------------------------------------
+# Fallback: compare running kernel with installed kernel
+# -----------------------------------------------------------------------
+running_kernel=$(uname -r)
+
+# Try Debian/Ubuntu kernel package name
+if command -v dpkg >/dev/null 2>&1; then
+    installed_kernel=$(dpkg -l "linux-image-*" 2>/dev/null \
+        | awk '/^ii/{print $2}' \
+        | sed 's/linux-image-//' \
+        | grep -E '^[0-9]' \
+        | sort -V \
+        | tail -1)
+
+    if [ -n "$installed_kernel" ] && [ "$installed_kernel" != "$running_kernel" ]; then
+        echo "CRITICAL: Reboot required. Running kernel: ${running_kernel}, latest installed: ${installed_kernel}."
+        exit $STATE_CRITICAL
+    elif [ -n "$installed_kernel" ]; then
+        echo "OK: No reboot required. Running kernel: ${running_kernel}."
+        exit $STATE_OK
+    fi
+fi
+
+echo "UNKNOWN: Unable to determine if a reboot is required on this system."
+exit $STATE_UNKNOWN

templates/nrpe.j2

@@ -20,6 +20,7 @@ command[check_proc_age_{{ process }}]=/usr/lib/nagios/plugins/check_proc_age -p
 {% endif %}
 command[check_systemd_failed]=/usr/lib/nagios/plugins/check_systemd_failed
 command[check_needrestart]=/usr/lib/nagios/plugins/check_needrestart
+command[check_reboot_required]=/usr/lib/nagios/plugins/check_reboot_required
 
 # disk
 #   -w <%>: Warning threshold for block usage.