Scripts/VPS/AptUpdateWatcher.sh

#!/bin/bash

# This script updates the apt database if running as root and retrieves the number of upgradable packages.
# If the count is high enough or if some important packages can be upgraded, inform the administrator.


while getopts ":c:p:h" option; do
	case ${option} in
		c )
			trigger_count=$OPTARG
			;;
		p )
			# Add each matching option to the array
			key_packages+=("$OPTARG")
			;;
		h | \? | : )
			echo "Usage : AptUpdateWatcher [-c count] [-p package matching regex] [-h] [-?]"
			echo "	-c : Change the minimum count of upgradable packages before sending a warning"
			echo "	-p : Add an expression to watch for important packages. If a package matching this option is found, send a warning"
			echo "	-h/-? : Prints this message"
			exit 1
			;;
	esac
done

# Use default options if nothing provided

if [ -z "$trigger_count" ]; then
	trigger_count=20
fi

if [ -z "$key_packages" ]; then
	key_packages=( "ssh" "ssl" "apache" "kernel" "linux-image" "syncthing" "wireguard" )
fi


if [ "$EUID" -eq 0 ]; then
	apt-get update
fi

upgradable_packages="$(apt-get -s -V upgrade | grep -e'=>')"
upgradable_count=$(echo "$upgradable_packages" | wc -l)

if [ $upgradable_count -gt $trigger_count ]; then
	output="There are more than $trigger_count packages ready to upgrade ($upgradable_count packages):\n"
	output+="$upgradable_packages\n\n"
fi

for expression in "${key_packages[@]}"; do
	matching_packages=$(echo "$upgradable_packages" | grep -e"$expression")
	if [ -n "$matching_packages" ]; then
		output+="Packages matching the expression '""$expression""' can be upgraded: \n"
		output+="$matching_packages\n\n"
	fi
done

if [ -n "$output" ]; then
	output="The Apt Update Watcher has been triggered.\n\n""$output"

	echo -e "$output" | mail -aFrom:"$mail_sender" -s "[$(uname -n)] APT update warning $(date +%D-%Hh%M)" "$mail_recipients"
fi