Bash script to notify about available apt upgrades via Slack.
The bash script simply retrieves new package lists via apt-get update and then calls apt-get upgrade --simulate to check for available upgrades.
If the result of the simulation looks like

    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

we are done. If more than "0 upgraded" packages are reported, the script sends the Slack notification.
Note: You need to be root on your server because apt-get update must run as root.
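The check described above, as an added example that is not the project's own script. It goes one step further and picks the message colour from whether any upgrade comes from a "-security" archive; the variable names SLACK_WEBHOOK_URL and SLACK_CHANNEL and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the project's script. SLACK_WEBHOOK_URL and SLACK_CHANNEL
# are assumed configuration variables.

# Constructed sample of `apt-get upgrade --simulate` output (versions invented).
SAMPLE='Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  libssl1.1 tzdata
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.1 [1.1.1-1] (1.1.1-2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Conf libssl1.1 (1.1.1-2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst tzdata [2020a-0] (2020b-0 Ubuntu:18.04/bionic-updates [all])
Conf tzdata (2020b-0 Ubuntu:18.04/bionic-updates [all])'

# Print N from the summary line "N upgraded, M newly installed, ...".
upgraded_count() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\) upgraded, .*/\1/p' | tail -n 1
}

# Count packages to install ("Inst" lines) offered by a "-security" archive.
# Heuristic: relies on the origin naming used by Debian and Ubuntu.
security_count() {
    printf '%s\n' "$1" | grep '^Inst ' | grep -ci -e '-security' || true
}

# Build the webhook JSON: $1=channel, $2=upgraded count, $3=security count.
build_payload() {
    if [ "$3" -gt 0 ]; then color=danger; else color=warning; fi
    printf '{"channel":"%s","attachments":[{"color":"%s","text":"%s: %s upgrades available (%s from security archives)"}]}\n' \
        "$1" "$color" "$(uname -n)" "$2" "$3"
}

main() {
    apt-get update -qq || return 1
    # LC_ALL=C keeps the summary line in English so the parser matches it.
    out=$(LC_ALL=C apt-get upgrade --simulate) || return 1
    n=$(upgraded_count "$out")
    [ "${n:-0}" -gt 0 ] || return 0   # "0 upgraded": nothing to report
    build_payload "$SLACK_CHANNEL" "$n" "$(security_count "$out")" |
        curl -fsS -X POST -H 'Content-type: application/json' --data @- "$SLACK_WEBHOOK_URL"
}

# Only touch apt and the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then main; fi
```

The webhook URL works as a credential for posting to the channel, so keep the file that holds it readable by root only.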
- Save slack-notify-apt-upgrade.sh to your server, for example within /root/scripts/
- chmod u+x slack-notify-apt-upgrade.sh
- Create an incoming webhook for Slack (see https://api.slack.com/incoming-webhooks)
- Open the script with your editor and update the configuration section:
  - your Slack webhook URL
  - the Slack channel to which the notification should be sent
  - (optional) a username
- As root user, edit your cronjobs with crontab -e and add a line like this to call the script twice a day:
  0 6,20 * * * /root/scripts/slack-notify-apt-upgrade.sh > /dev/null 2>&1
That's it.
Remember to rename it and remove the .sh extension. The cronjobs in /etc/cron.hourly (and the other, similar directories) are executed by run-parts. run-parts is a little picky about filenames. By default it doesn't execute files whose filenames contain anything other than (all of those from ASCII):
- uppercase letters
- lowercase letters
- digits
- underscores
- dashes ("minus signs")
So if your script has a filename of, for example, "myscript.sh", it is just ignored, because run-parts does not like the dot.
https://askubuntu.com/questions/611336/why-putting-a-script-in-etc-cron-hourly-is-not-working
- Modify the color attribute of the Slack message depending on the existence of security-related upgrades (at the moment it's always "danger").
- Cache the result of the simulation in a file to avoid resending the identical message over and over.
- ...