Auto update check, checks for updates to base system + packages and sends email alerts

wgstarks

@stephenw10 said in Auto update check, checks for updates to base system + packages and sends email alerts:

That's not a pfSense package so it won't be added when restoring a config unless you've used the filer pkg.

Thanks. The filer package looks like it could be useful. I’ll have to install it and give it a try.

MarinSNB

To clarify, if there are no updates to any of the packages, does this script still send an email at the times as specified in your cron job? Thanks!

wgstarks

@MarinSNB said in Auto update check, checks for updates to base system + packages and sends email alerts:

To clarify, if there are no updates to any of the packages, does this script still send an email at the times as specified in your cron job? Thanks!

No. At least not in my case. I only get an email when an update exists.

wgstarks

@stephenw10 said in Auto update check, checks for updates to base system + packages and sends email alerts:

That's not a pfSense package so it won't be added when restoring a config unless you've used the filer pkg.

This question is way off topic for this thread (apologies) but since it looks like the filer pkg docs have been removed from pfsense docs perhaps you can tell me how to use filer to modify what is backed up by the auto config backup? I see a sync tab but the help link just links back to the full pfsense docs.

MarinSNB

@wgstarks sounds good! That is what is am finding out here too! Thanks much!

Gertjan

@MarinSNB said in Auto update check, checks for updates to base system + packages and sends email alerts:

To clarify, if there are no updates to any of the packages, does this script still send an email at the times as specified in your cron job? Thanks!

It's 'open source' ;)

As the script language is somewhat backed up English, it says :

If the 'message' ($msg) is not empty (so there was a message ! == thing to update/upgrade) then
87) log a message in to system log ( here : StatusSystem LogsSystemGeneral )
88) show the message on the command line (visible if you executed the command yourself)
89) and... send/notify the message by mail.

I 'see' you thinking : is it really that simple ? Yes, it is.

stephenw10

@wgstarks It stores custom files base64 encoded in the config. So you could use it to store the pkg_check.php file and it would be restore into a system when you restore the config. Though you might need to do it in several steps or manually save since the first boot would install the Filer package.

wgstarks

@stephenw10 said in Auto update check, checks for updates to base system + packages and sends email alerts:

@wgstarks It stores custom files base64 encoded in the config. So you could use it to store the pkg_check.php file and it would be restore into a system when you restore the config. Though you might need to do it in several steps or manually save since the first boot would install the Filer package.

So if I use filer rather than my usual SFTP for installing custom files they are added to the config which gets backed up by Auto Config Backup correct? So I should delete the current files and re-add them using filer?

stephenw10

You don't have to delete them. Filer simply won't do anything if the files are already there. And identical.

wgstarks

@stephenw10 said in Auto update check, checks for updates to base system + packages and sends email alerts:

Filer simply won't do anything if the files are already there. And identical.

But the object would be for filer to add the file to the config database.

Gertjan

@wgstarks said in Auto update check, checks for updates to base system + packages and sends email alerts:

So if I use filer rather than my usual SFTP for installing custom files they are added to the config which gets backed up by Auto Config Backup correct? So I should delete the current files and re-add them using filer?

I never used 'filer' myself, but yes, that's the beauty of the package :
When you export your config, you export it with packages and package 'settings'.
The filer package settings are, amongst others, the files and the place where they are stored.

So, importing the config will import/install the package and will also import the config == settings of the package == big magic : all your private additions (files) are also restored.

For myself, I'm doing things the old fashioned way. Not that I stick dozens of Post-It's on my pfSense (I did that before) but I use the Notes package :

and I add, for every setting and change that I made a
Why / when / what to observe / where to get it, etc.
So, when I have to re-install pfSense, I also re install these Notes, and I have my road-book ready after a phenix event.
Hummmm. Maybe I should have a closer look at this filer package after all.

wgstarks

@Gertjan
Thanks for the Notes suggestion. I lost a few packages recently and been thinking about creating a pfsense logbook since it looks like some packages in Package Manager don’t get included in backups and I’m willing to bet custom packages that aren’t in package manager won’t be either. This looks like it’s perfect for that.

michmoor

@stephenw10
can we make it a package my good sir?

stephenw10

Mmm, I was just thinking that as I wrote it.

No developer time right now though, it would have to be a user PR. For now at least.

Gertjan

@michmoor

One tiny PHP file ?
( and a cron entry, which somewhat forces you also to install the Cron package)

The overhead of 'official' package maintenance will be way bigger as the 80 or so lines.
Let's keep this the 'read the forum and you'll find a nice hidden forum package ^^' suggestion.
Or : the official way : go here.
It already exists ....

edit : Can some one bake this into a System_patch ? I wonder if writing in cron file /etc/cron.d./ for a cron entry would do the trick ....

edit : but actually, it should be here :

Just a button or a set of buttons, one for each notification method, that says :

Do you want to receive a notification when a pfSense upgrade, a pfSense package or a 'core' FreeBSD update is available ?

As soon as one of the notification methods is selected, the cron gets inserted, etc.

edit :
Ok, just for the fun :

michmoor

@Gertjan in my mind , an official way of getting notifications of updates is/should be the required way.

1. This awesome script is only in the forums and not documented in any official capacity.

2. We shouldn’t expect admins to muck around in the filesystem

I’m glad there is a redmine. Maybe one day…..

Gertjan

@michmoor said in Auto update check, checks for updates to base system + packages and sends email alerts:

This awesome script is only in the forums and not documented in any official capacity.

True.
I'm feeling 'protected' as I'm pretty sure people like jimp would have posted : "don't do this" if these '80 lines' had the slightest effect on security or whatever

michmoor

@Gertjan said in Auto update check, checks for updates to base system + packages and sends email alerts:

I'm feeling 'protected' as I'm pretty sure people like jimp would have posted : "don't do this" if these '80 lines' had the slightest effect on security or whatever

I get the concern but then they should ack the redmine. Been noticing a troubling trend around unassigned/unack tickets....

tariqali

Fantastic script, and I had no idea about Filer, so easy to setup, just copied the raw code from the gist and used 0755 permissions.

This should definitely be part of the base pfsense configuration.

Gertjan

@tariqali

This :

will run the script .... when ... ones ?

You still have to :
Make sure your have the pfSense Cron Package.
Add a cron task that execute the script ones every - when ever you want - per day (week ? month ? hours ?).
And of course, test it and check up with it ones in a while.