vCheck
======

The idea behind vCheck ("version check") is to automate the process of
checking whether a particular piece of server software is up to date,
and to do so without requiring any particular packaging system, install
scheme, or modifications to the server software.

vCheck is intended to be a clean, flexible framework into which
quick-and-dirty, software and software-version-specific tests fit. The
general pattern is:

1. Hit a service over the network and parse out any protocol or
   software-specific version identifier (e.g., Apache/1.2.27).

2. Determine just what kind of software we're dealing with for the
   service, and use a dictionary of URLs and regular expressions to
   fetch the latest version number of the software from its
   distribution website.

3. Compare those two versions, and report an error if they differ.

Command Line Options
--------------------

-t testname
--test testname
    Run the test 'testname'. Options to the test are delimited with
    colons, and multiple tests can be specified by using multiple -t
    options.

-l softwarename
--lookup softwarename
--lookupversion softwarename
--getversion softwarename
    Fetch and print the current version for the software
    'softwarename' and exit.

-V
    Print the current version number of vCheck and exit.

-v
--verbose
    Display detailed progress of operations.

--tdir directory
--testsdir directory
    Read in all .vtest files from the given directory on startup.

-h name
--hostname name
    Specify the default host name for any network test where no host
    name is given as part of the test directive.

--noownversioncheck
    Do not check the version of vCheck itself during startup. By
    default vCheck consults
    http://www.jasonc.com/code/vcheck/latest.txt to determine whether
    it is out of date every time it is run.

-q
--silentsuccess
    Do not print a message if all tests are successful, i.e., if all
    software checked was up to date. This is particularly useful when
    calling vcheck from cron.
-r method
--reporting method
    Set the default reporting method for notices of version mismatch.
    Without this option the default is to report mismatches to stderr.
    Presently allowed methods are 'stderr' and 'syslog'.

Example Invocations
-------------------

Perform a network-based SMTP version check against example.com and,
based upon the SMTP banner, check to see whether the software is up to
date:

    ./vcheck --test smtp:example.com

Do the same, but with extensive detail about the progress of the check:

    ./vcheck --test smtp:example.com -v

Perform a network-based HTTP version check against example.com and
determine whether the HTTP software is up to date. This test will end
up checking both Apache and mod_perl version numbers:

    ./vcheck --test http:example.com

Check HTTP, SMTP, SSH, and DNS on example.com:

    ./vcheck -h example.com -t http -t smtp -t ssh -t dns

Check HTTP, SMTP, SSH, and DNS on example.com. Log version mismatches
to syslog, except in the case of SSH, where they should go to stderr
(in a crontab that would result in an email message to the MAILTO
recipient). In case everything is up to date, generate no output:

    ./vcheck -h example.com -t http -t smtp -t ssh:::stderr -t dns -r syslog -q

Check the local sendmail and apache versions and log to syslog:

    ./vcheck -t local-sendmail -t local-apache -r syslog

Check the local sendmail version based on a specific executable:

    ./vcheck -t local-sendmail:/usr/local/sendmail/bin/sendmail

Features
--------

Tests account for the possibility that there may be different "latest"
versions depending upon what branch or major revision you're choosing
to run (e.g., Apache 1.x vs. Apache 2.x, BIND 8.x vs. BIND 9.x). The
test will attempt to determine which major revision you are using and
compare against the latest version number of that revision, not simply
the latest version number overall.

Local versions of some tests can operate against executables or other
local data to get the version number of software in use.
This is useful in the common case where you deliberately obscure
software versions in service/protocol banners and the like.

A small set of default tests and recipes for getting the latest version
number for various pieces of software are delivered within the vCheck
script itself, and other recipes and tests can be loaded from .vtest
files.

Errors / version mismatches can be directed to stderr, syslog, or
email.

I have a few other features in mind to help cope with the
latest-version-number recipes breaking due to website changes -- watch
the website for details.

vCheck is Copyright 2003 Jason D. Campbell and is distributed under the
terms of the GNU GPL. See the "LICENSE" section below for more detail.

Jason Campbell
jasonc@jasonc.com
www.jasonc.com/code/vcheck

Initial vCheck release, version 0.1, 17 July 2003, San Francisco, CA

LICENSE
=======

vCheck is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.

vCheck is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

See the file COPYING, which should have been included in the vCheck
distribution you received, for more details on the terms under which
this software is distributed.
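
The three-step pattern from the introduction, together with the per-branch comparison described under Features, as an added sketch in Python; this is not vCheck's own code. The banner patterns, the LATEST table (a stand-in for the fetch in step 2) and the sample banners are all constructed for the illustration.

```python
import re

# Constructed patterns for this example; not vCheck's real recipes.
BANNER_PATTERNS = [
    ("apache", re.compile(r"Apache/(\d+(?:\.\d+)+)")),
    ("mod_perl", re.compile(r"mod_perl/(\d+(?:\.\d+)+)")),
    ("sendmail", re.compile(r"Sendmail (\d+(?:\.\d+)+)")),
]

# Constructed stand-in for step 2: the latest version per major branch,
# which vCheck would fetch from each distribution website.
LATEST = {
    "apache": {"1": "1.3.27", "2": "2.0.47"},
    "mod_perl": {"1": "1.27"},
    "sendmail": {"8": "8.12.9"},
}

def parse_banner(banner):
    """Step 1: pull every software/version identifier out of a banner."""
    found = {}
    for name, pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            found[name] = match.group(1)
    return found

def check(banner, latest=LATEST):
    """Steps 2-3: compare each version with the latest of its own branch."""
    found = parse_banner(banner)
    if not found:
        # Banner is obscured or unrecognised: a local test is needed instead.
        return [("unknown", None, None, "no-version")]
    results = []
    for name, running in found.items():
        branch = running.split(".")[0]  # e.g. "1" for Apache 1.x
        newest = latest.get(name, {}).get(branch)
        if newest is None:
            status = "no-recipe"
        elif running == newest:
            status = "up-to-date"
        else:
            status = "mismatch"
        results.append((name, running, newest, status))
    return results

if __name__ == "__main__":
    for banner in ("Server: Apache/1.3.26 (Unix) mod_perl/1.27",  # constructed
                   "Server: Apache/2.0.47",
                   "220 mail.example.com ESMTP"):
        print(banner, "->", check(banner))
```

A banner that carries no version returns the "no-version" status rather than "up-to-date", which is the case the local tests exist for.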