Auto update check, checks for updates to base system + packages and sends email alerts
-
You don't have to delete them. Filer simply won't do anything if the files are already there. And identical.
-
@stephenw10 said in Auto update check, checks for updates to base system + packages and sends email alerts:
Filer simply won't do anything if the files are already there. And identical.
But the object would be for filer to add the file to the config database.
-
@wgstarks said in Auto update check, checks for updates to base system + packages and sends email alerts:
So if I use filer rather than my usual SFTP for installing custom files they are added to the config which gets backed up by Auto Config Backup correct? So I should delete the current files and re-add them using filer?
I never used 'filer' myself, but yes, that's the beauty of the package :
When you export your config, you export it with packages and package 'settings'.
The filer package settings are, amongst others, the files and the place where they are stored.So, importing the config will import/install the package and will also import the config == settings of the package == big magic : all your private additions (files) are also restored.
For myself, I'm doing things the old fashioned way. Not that I stick dozens of Post-It's on my pfSense (I did that before) but I use the Notes package :
and I add, for every setting and change that I made a
Why / when / what to observe / where to get it, etc.
So, when I have to re-install pfSense, I also re install these Notes, and I have my road-book ready after a phenix event.
Hummmm. Maybe I should have a closer look at this filer package after all. -
@Gertjan
Thanks for the Notes suggestion. I lost a few packages recently and been thinking about creating a pfsense logbook since it looks like some packages in Package Manager don’t get included in backups and I’m willing to bet custom packages that aren’t in package manager won’t be either. This looks like it’s perfect for that. -
@stephenw10
can we make it a package my good sir?
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
Mmm, I was just thinking that as I wrote it.
No developer time right now though, it would have to be a user PR. For now at least.
-
One tiny PHP file ?
( and a cron entry, which somewhat forces you also to install the Cron package)The overhead of 'official' package maintenance will be way bigger as the 80 or so lines.
Let's keep this the 'read the forum and you'll find a nice hidden forum package ^^' suggestion.
Or : the official way : go here.
It already exists ....edit : Can some one bake this into a System_patch ? I wonder if writing in cron file /etc/cron.d./ for a cron entry would do the trick ....
edit : but actually, it should be here :
Just a button or a set of buttons, one for each notification method, that says :
Do you want to receive a notification when a pfSense upgrade, a pfSense package or a 'core' FreeBSD update is available ?
As soon as one of the notification methods is selected, the cron gets inserted, etc.
edit :
Ok, just for the fun :
-
@Gertjan in my mind , an official way of getting notifications of updates is/should be the required way.
-
This awesome script is only in the forums and not documented in any official capacity.
-
We shouldn’t expect admins to muck around in the filesystem
I’m glad there is a redmine. Maybe one day…..
-
-
@michmoor said in Auto update check, checks for updates to base system + packages and sends email alerts:
This awesome script is only in the forums and not documented in any official capacity.
True.
I'm feeling 'protected' as I'm pretty sure people like jimp would have posted : "don't do this" if these '80 lines' had the slightest effect on security or whatever -
@Gertjan said in Auto update check, checks for updates to base system + packages and sends email alerts:
I'm feeling 'protected' as I'm pretty sure people like jimp would have posted : "don't do this" if these '80 lines' had the slightest effect on security or whatever
I get the concern but then they should ack the redmine. Been noticing a troubling trend around unassigned/unack tickets....
-
M michmoor referenced this topic on
-
J jrey referenced this topic on
-
Fantastic script, and I had no idea about Filer, so easy to setup, just copied the raw code from the gist and used 0755 permissions.
This should definitely be part of the base pfsense configuration.
-
This :
will run the script .... when ... ones ?
You still have to :
Make sure your have the pfSense Cron Package.
Add a cron task that execute the script ones every - when ever you want - per day (week ? month ? hours ?).
And of course, test it and check up with it ones in a while. -
Yes that will run it once but you shouldn't need that. The field allows Filer to run a command after it has added back a file which may be required. This script doesn't need it though. It's run by cron anyway.
-
@Gertjan Yup I setup CRON to run every night.
-
G Gertjan referenced this topic on
-
G Gertjan referenced this topic on
-
I seem to be having problems with this update checker. I first noticed today that it wasn't working at all although there were updates available for pfsense+ as well as system patches. While checking I realized that I wasn't using the latest php from github so I updated it to-
?php require_once("pkg-utils.inc"); require_once("notices.inc"); require_once("util.inc"); $msg = null; $pmsg = null; $p = 0; log_error("Starting update check"); // pfSense base system check $system_version = get_system_pkg_version(false, false); if ($system_version === false) { printf("%s\n", 'Unable to check for updates'); log_error("Unable to check for updates, exiting"); exit; } if (!is_array($system_version) || !isset($system_version['version']) || !isset($system_version['installed_version'])) { printf("%s\n", 'Error in version information'); log_error("Error in version information, exiting"); exit; } switch ($system_version['pkg_version_compare']) { case '<': //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available"); $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n"; break; case '=': //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current"); break; case '>': printf("%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']); $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n"; break; default: printf("%s\n", 'Error comparing installed with latest version available'); log_error("Error comparing installed with latest version available"); break; } // package check $package_list = get_pkg_info('all', true, true); $installed_packages = array_filter($package_list, function($v) { return (isset($v['installed']) && isset($v['name'])); }); if (empty($installed_packages)) { printf("%s\n", 'No packages installed'); log_error("No packages installed, exiting"); exit; } foreach ($installed_packages as $pkg) { if (isset($pkg['installed_version']) && isset($pkg['version'])) { //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']); $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']); if ($version_compare != '=') { $p++; $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version']; if ($version_compare == '>') { $pmsg .= ' (downgrade)'; } printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']); } } } if ($p > 0) { $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg; } // check for updates to builtin packages exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval); if (($retval == 0) && (count($output))) { $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n"; array_shift($output); $msg .= implode("\n", array_map('ltrim', $output)); } if (!empty($msg)) { log_error("Updates were found - sending email"); notify_via_smtp($msg); // to send alerts to ALL configured targets (email, Pushover, Slack etc) use the line below instead: // notify_all_remote($msg); } log_error("Update check complete"); ?>This yielded a notification for updates available-
Notifications in this message: 1 ================================ 12:00:13 The following updates are available and can be installed using System > Package Manager: System_Patches: 2.2.11_15 ==> 2.2.11_16 Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them: pfSense-pkg-System_Patches: 2.2.11_15 -> 2.2.11_16 [pfSense]This contains a notification for updated system patches but still nothing for the pfsense+ update.
Using this command in cron-
/usr/local/bin/php -q /root/pkg_check.phpNot sure why pfsense+ update notifications are missing???
Box: SG-4200
-
@wgstarks said in Auto update check, checks for updates to base system + packages and sends email alerts:
?php
This is missing the angle bracket. It should be:
<?php -
@wgstarks If I use your code and run the php command it just echoes the contents of the script to the shell.
The original script gets executed instead but has an escape_filter error.
Ok < was missing at the start but still get the same error.
<pre style="white-space: pre-wrap;">PHP ERROR: Type: 64, File: /home/syslog.inc, Line: 875, Message: Cannot redeclare escape_filter_regex() (previously declared in /home/util.inc:4327)</pre>Interesting looks like it is sensitive to its run path, moving from /home to /root fixes it.
-
@chrcoluk said in Auto update check, checks for updates to base system + packages and sends email alerts:
@wgstarks
Ok < was missing at the start but still get the same error.<pre style="white-space: pre-wrap;">PHP ERROR: Type: 64, File: /home/syslog.inc, Line: 875, Message: Cannot redeclare escape_filter_regex() (previously declared in /home/util.inc:4327)</pre>Interesting looks like it is sensitive to its run path, moving from /home to /root fixes it.
I suspect what it is sensitive to is that you have other files in /home (that should not be there). The include is searching the local directory before /etc/inc.
-
@dennypage
The actual file has the proper <?php. I likely missed it when I copy/pasted for the forum post. -
I installed the system patches updates and now if I run the command I don't get any notifications regarding any updates even though there is a pfsense+ update available.
Also don't get any errors.
