check updates via nagios

On your clients you have to modify /etc/snmp/snmpd.conf:

com2sec paranoid default public

com2sec readonly default public
exec . aptupdate /usr/local/bin/nagios-check-apt-updates

Get the check script to the client:

# wget --no-check-certificate \ \
-O /usr/local/bin/nagios-check-apt-updates
# chmod +x /usr/local/bin/nagios-check-apt-updates

Allow the snmp user to make use of apt-get:

# echo "snmp  ALL=(ALL) NOPASSWD: /usr/bin/apt-get update" >> /etc/sudoers
# echo "snmp  ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade" >> /etc/sudoers

Restart the snmpd:

# /etc/init.d/snmpd restart
Restarting network management services: snmpd.

On the nagios monitoring system you have to run something like this:

# /usr/lib/nagios/plugins/check_snmp -H <client> -t30 \
-C public -o . \
-r "No updates available"
SNMP CRITICAL - *"Security updates (1): libkrb53; "* | iso."Security updates (1): libkrb53; "

After upgrading the client you should get:

# /usr/lib/nagios/plugins/check_snmp -H <client> -t30 \
-C public -o . \
-r "No updates available"
SNMP OK - "No updates available" | iso."No updates available"