Home Directory Plugins Clustering and High-Availability check_yum.pl (Advanced Nagios Plugins Collection)

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me

Directory Tree

check_yum.pl (Advanced Nagios Plugins Collection)

1 vote
Compatible With
  • Nagios 1.x
  • Nagios 2.x
  • Nagios 3.x
  • Nagios 4.x
  • Nagios XI
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Nagios Plugin to check Yum security updates on RHEL5/6/7 based servers
Part of the Advanced Nagios Plugins Collection

Download it here:



Nagios Plugin to check Yum security updates on RHEL5/6/7 based servers

This is a rewrite of my original Python version for RHEL5 from early 2008

Code is much shorter, a third the number of lines, and leverages my personal library for better validation, option/usage and self timeout handling

See also: check_yum.py (the original, also part of the Advanced Nagios Plugins Collection)

Tested on CentOS 5 / 6 / 7

usage: check_yum.pl [ options ]

-A --all-updates Does not distinguish between security and non-security updates, but returns critical for any available update. This may be used if the yum security plugin is absent or you want
to maintain every single package at the latest version. You may want to use --warn-on-any-update instead of this option
-W --warn-on-any-update Warns if there are any (non-security) package updates available. By default only warns when security related updates are available. If --all-updates is used, then this option
is redundant as --all-updates will return a critical result on any available update, whereas using this switch still allows you to differentiate between the severity of
-C --cache-only Run entirely from cache and do not update the cache when running yum. Useful if you have 'yum makecache' cronned so that the nagios check itself doesn't have to do it, possibly
speeding up execution (by 1-2 seconds in tests)
-N --no-warn-on-lock Return OK instead of WARNING when yum is locked and fails to check for updates due to another instance running. This is not recommended from the security standpoint, but may be
wanted to reduce the number of alerts that may intermittently pop up when someone is running yum for package management
-e --enablerepo Explicitly enables a repository when calling yum. Can take a comma separated list of repositories
-d --disablerepo Explicitly disables a repository when calling yum. Can take a comma separated list of repositories
-t --timeout Timeout in secs (default: 10)
-v --verbose Verbose mode (-v, -vv, -vvv ...)
-h --help Print description and usage options
-V --version Print version and exit
Reviews (1)
byxoroz, January 12, 2017
wish I could have warning critical threshold, rewrote a simple version in bash :)

#Felipe Ferreira Jan 2017
# First lets chceck if yum --security exists and works

#MAKE SURE yum-security is installed
yum --security version >/dev/null 2>&1 || { echo "I require yum-security but it's not installed. Aborting." >&2; exit 1; }

if [[ $2 ]]; then
echo "UNKONW - Please pass arguments, number of security patches missing it should warn or crit $0 "
exit 3

A=$(yum -C --security check-update |grep " needed for security")
C=$(echo $A|awk '{ print $1 }')

if [ "$C" -gt "$CRIT" ]; then
echo "CRITICAL - $A | sec=$C"
exit 2
elif [ "$C" -gt "$WARN" ]; then
echo "WANING - $A | sec=$C"
exit 1

echo "OK - $A | sec=$C"
exit 0