From d9cd7d2002ae3fdf88ef289db65c4aa94ac2a341 Mon Sep 17 00:00:00 2001
From: downtownallday
Date: Wed, 15 Dec 2021 09:03:58 -0500
Subject: [PATCH] Add a setup mod to configure unattended-upgrades to email root on failures
---
 .../unattended-upgrades-mail.sh | 116 ++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100755 setup/mods.available/unattended-upgrades-mail.sh
diff --git a/setup/mods.available/unattended-upgrades-mail.sh b/setup/mods.available/unattended-upgrades-mail.sh
new file mode 100755
index 00000000..b3c4da5c
--- /dev/null
+++ b/setup/mods.available/unattended-upgrades-mail.sh
@@ -0,0 +1,116 @@ +#!/bin/bash + +# Created by: downtownallday + +# +# This mod will configure ubuntu's "unattended-upgrades" package to +# send email whenever unattended upgrades fail. +# +# When enabling the mod on a mailinabox-ldap installation, you must be +# able to receive mail from root by creating an alias "root@" directed to "administrator@" using the admin +# console. +# +# you can confirm this by running as root on miab-ldap: +# +# setup/ldap.sh -search "(mail=root@$(hostname --fqdn))" +# +# should return something like this: +# dn: cn=b6e5b8cb-78b1-4051-a482-36ef792edae9,ou=aliases,ou=Users,dc=mailinabox +# mail: root@mail.mydomain.com +# cn: b6e5b8cb-78b1-4051-a482-36ef792edae9 +# mailMember: administrator@mail.mydomain.com +# description: Local root mail +# objectClass: mailGroup +# objectClass: namedProperties +# +# +# When enabling the mod on a cloudinabox installation: +# +# a. the ssmtp package must be installed and working (typically it +# has already been configured by setup) +# b. a smart host setup in mailinabox-ldap must be configured so +# that mail from cloudinabox will be accepted. +# +# Configuring a smart host is accomplished by creating a catch-all +# alias "@" with a permitted sender list containing +# the email address that ssmtp is using to authenticate with. The +# forward-to field is empty. +# +# eg. 
assuming "cloud.mydomain.com" is the hostname of your +# cloudinabox, and "alerts@mydomain.com" is the email address that +# ssmtp is using to authenticate with mailinabox-ldap (see +# /etc/ssmtp/ssmtp.conf), then running this on mailinabox-ldap: +# +# setup/ldap.sh -search "(mail=@cloud.mydomain.com)" +# +# should return two entries that look something like these: +# dn: cn=d7a41a6b-7c7c-4a36-8298-aa11875051db,ou=aliases,ou=Users,dc=mailinabox +# mail: @cloud.mydomain.com +# cn: d7a41a6b-7c7c-4a36-8298-aa11875051db +# description: Smart host setup +# objectClass: mailGroup +# objectClass: namedProperties +# +# dn: cn=03cb077c-ea40-5de1-f656-dc1a321775f8,ou=permitted-senders,ou=Config,dc=mailinabox +# mail: @cloud.mydomain.com +# description: Permitted to MAIL FROM this address +# objectClass: mailGroup +# cn: 03cb077c-ea40-5de1-f656-dc1a321775f8 +# member: alerts@mydomain.com +# #^ uid=c2994711-e92f-5d91-bca7-7995ea66de52,ou=Users,dc=mailinabox +# +# +# To remove this mod, manually edit +# /etc/apt/apt.conf.d/50unattended-upgrades and comment out the line +# "Unattended-Upgrade::Mail" +# + +source setup/functions.sh # load our functions +source /etc/os-release + +changed=false +conf="/etc/apt/apt.conf.d/50unattended-upgrades" + +# install the "mailx" mail client, which is required by the +# unattended-upgrades script. + +if [ ! -x /usr/bin/mailx ]; then + apt_install bsd-mailx + changed=true +fi + +# configure unattended-upgrades to email whenever there is an +# error. Do not overwrite existing settings. + +if ! grep -E "^Unattended-Upgrade::Mail\s+" "$conf" >/dev/null +then + tools/editconf.py "$conf" -s 'Unattended-Upgrade::Mail="root";' + changed=true +fi + + +if [ "$VERSION_CODENAME" = "bionic" ]; then + # Ubuntu 18 (bionic) + if ! grep -E "^Unattended-Upgrade::MailOnlyOnError\s+" "$conf" >/dev/null + then + tools/editconf.py "$conf" -s \ + 'Unattended-Upgrade::MailOnlyOnError="true";' + changed=true + fi + +else + if ! 
grep -E "^Unattended-Upgrade::MailReport\s+" "$conf" >/dev/null + then + # besides "only-on-error", other options are "always" and "on-change" + tools/editconf.py "$conf" -s \ + 'Unattended-Upgrade::MailReport="only-on-error";' + changed=true + fi +fi + + +if $changed; then + echo "Unattended-upgrades setup mod: email notifications have been enabled" +fi +
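Review bot: `changed=true` and the closing "email notifications have been enabled" message are set regardless of whether `apt_install bsd-mailx` or any of the `tools/editconf.py` calls succeeded, and nothing checks that `$conf` exists before it is grepped and edited. Unless `setup/functions.sh` turns on errexit (not visible in this patch), a failed edit would leave the operator believing that failed security upgrades will be reported when no mail setting was actually written. I would guard the file first, `[ -f "$conf" ] || { echo "$conf not found" >&2; exit 1; }`, and make each edit fail loudly, e.g. `tools/editconf.py "$conf" -s 'Unattended-Upgrade::Mail="root";' || exit 1`, applying the same pattern to the MailOnlyOnError and MailReport branches. As a smaller style point, `grep -qE` would replace the `>/dev/null` redirections.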