#!/usr/bin/bash
# (C) 2006 Mark Boddington, http://www.badpenguin.co.uk
# Licensed under the GNU GPL Version 2.

# This script should be run from cron and the output mailed to a sysadmin
# It downloads the latest security cluster readme and any new patches that
# have been added since the last check.

# You must start with a recommended patch cluster and a sorted README for 
# that cluster called cluster-9-recommended-<date>. 
# The first time you run the script that file will be used for the diff.
#
# 1. download the current security cluster.
# 2. download the cluster README
# 3. cat cluster README and pipe to sort, to get the patch list
#    $ cat README | egrep "^[0-9][0-9]+\-[0-9][0-9] " | sort -n \
#    > cluster-9-recommended-<date>
# 4. That's it, you're ready to run the script.
#
# Updated patches will be placed in a directory called UPDATE-<date>


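PATH=/bin:/sbin:/usr/local/bin/

# NOTE(review): the README is fetched over plain HTTP from a bare IP address,
# so nothing authenticates its content. The patch ids taken from it end up in
# a file name and a download URL further down, which is why they are
# re-checked at the point of use.
Sol9URL="http://192.18.108.60/clusters/9_Recommended.README"

# NOTE(review): the credentials are stored here in clear text, so keep this
# script readable by its owner only. They are also handed to wget on the
# command line (visible in the process list while a download runs) and are
# sent to an http:// URL, i.e. without transport encryption.
user="your-sunsolve-user"
pass="your-sunsolve-pass"
workdir="/var/patch"

# One timestamp for every name, so the README copy, the patch list and the
# UPDATE directory always carry the same date.
tstamp=$( date +%Y%m%d )
filename="${workdir}/9_Recommended.${tstamp}"
currfile="${workdir}/cluster-${tstamp}"

# Baseline for the comparison: the most recently modified cluster* file.
# This must be resolved before today's list is written.
lastfile=$( ls -rt "${workdir}"/cluster* | tail -1 )
if [ -z "$lastfile" ]
then
        echo "ERROR: no baseline ${workdir}/cluster-* file found" >&2
        exit 1
fi

# A failed or empty download must stop the run: otherwise an empty patch list
# would become the newest cluster file and serve as the next baseline.
if ! wget -q -O "$filename" "$Sol9URL" || [ ! -s "$filename" ]
then
        echo "ERROR: could not download $Sol9URL" >&2
        exit 1
fi

# Build the new list under a name the cluster* glob does not match and only
# move it into place once it is known to contain patch entries.
newlist="${workdir}/.cluster-${tstamp}.new"

# Solaris 9 egrep doesn't support matching {n} occurrences
# egrep "^[0-9]{6}-[0-9]{2}" "$filename" | sort -n > "$newlist"
egrep "^[0-9][0-9]+\-[0-9][0-9] " "$filename" | sort -n > "$newlist"
if [ ! -s "$newlist" ]
then
        echo "ERROR: no patch entries found in $filename" >&2
        rm -f "$newlist"
        exit 1
fi
mv "$newlist" "$currfile" || exit 1

echo "Output cluster differencies ( > are from the new cluster )"
diff "$lastfile" "$currfile"
ret=$?
echo "Output complete "

if [ "$ret" -eq 1 ]
then
        updateDir="${workdir}/UPDATE-${tstamp}"
        if ! mkdir -p "$updateDir"
        then
                echo "ERROR: cannot create $updateDir" >&2
                exit 1
        fi

        printf '\nDownloading Updates to %s\n' "$updateDir"
        printf 'Check %s/wget.log for details\n' "$updateDir"

        # Only lines that START with "> " come from the new list; a bare
        # match on ">" would also pick up removed ("<") entries whose
        # description happens to contain that character.
        diff "$lastfile" "$currfile" | awk '/^> / { print $2 }' |
        while read -r patch
        do
                # The id becomes part of a path and a URL: accept digits and
                # dashes only, and report anything else in the cron mail.
                case "$patch" in
                        ''|*[!0-9-]*)
                                echo "Skipping unexpected patch id: $patch"
                                continue
                                ;;
                esac

                if ! wget --http-user="${user}" --http-passwd="${pass}" \
                        -O "${updateDir}/${patch}.zip" \
                        "http://sunsolve.sun.com/private-cgi/pdownload.pl?target=${patch}&method=h" \
                        >> "${updateDir}/wget.log" 2>&1
                then
                        # Surface the failure in the mailed output instead of
                        # leaving it only in wget.log.
                        echo "FAILED to download patch ${patch}"
                fi
        done
elif [ "$ret" -eq 0 ]
then
        printf '\nNo Updates available\n'
else
        # diff exits with a status above 1 when it could not compare the
        # files; that is not the same as "nothing changed".
        echo "ERROR: diff of $lastfile and $currfile failed (status $ret)" >&2
        exit 1
fi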


