diff --git a/agents/patchmon-agent.sh b/agents/patchmon-agent.sh index 08fce7b..a760a7b 100755 --- a/agents/patchmon-agent.sh +++ b/agents/patchmon-agent.sh @@ -644,16 +644,31 @@ get_yum_packages() { fi # Get upgradable packages - local upgradable=$($package_manager check-update 2>/dev/null | grep -v "^$" | grep -v "^Loaded" | grep -v "^Last metadata" | tail -n +2) + local upgradable=$($package_manager check-update 2>/dev/null | grep -v "^$" | grep -v "^Loaded" | grep -v "^Last metadata" | grep -v "^Security" | tail -n +2) while IFS= read -r line; do + # Skip empty lines and lines with special characters + [[ -z "$line" ]] && continue + [[ "$line" =~ ^[[:space:]]*$ ]] && continue + if [[ "$line" =~ ^([^[:space:]]+)[[:space:]]+([^[:space:]]+)[[:space:]]+([^[:space:]]+) ]]; then local package_name="${BASH_REMATCH[1]}" local available_version="${BASH_REMATCH[2]}" local repo="${BASH_REMATCH[3]}" + # Sanitize package name and versions (remove any control characters) + package_name=$(echo "$package_name" | tr -d '[:cntrl:]' | sed 's/[^a-zA-Z0-9._+-]//g') + available_version=$(echo "$available_version" | tr -d '[:cntrl:]' | sed 's/[^a-zA-Z0-9._+-]//g') + repo=$(echo "$repo" | tr -d '[:cntrl:]') + + # Skip if package name is empty after sanitization + [[ -z "$package_name" ]] && continue + # Get current version - local current_version=$($package_manager list installed "$package_name" 2>/dev/null | grep "^$package_name" | awk '{print $2}') + local current_version=$($package_manager list installed "$package_name" 2>/dev/null | grep "^$package_name" | awk '{print $2}' | tr -d '[:cntrl:]' | sed 's/[^a-zA-Z0-9._+-]//g') + + # Skip if we couldn't get current version + [[ -z "$current_version" ]] && current_version="unknown" local is_security_update=false if echo "$repo" | grep -q "security"; then 
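Review bot: The allowlist `[^a-zA-Z0-9._+-]` applied to `available_version` and `current_version` also deletes `:` and `~`, which RPM uses for epochs and pre-release versions, so a version such as `1:2.3-4` (constructed example) would be reported as `12.3-4`; the same filter is applied to `version` in the second hunk of this file. `repo`, by contrast, only has control characters removed, so quotes and backslashes survive; if the value is later placed into a hand-built JSON payload (not visible in this hunk) it can still break or alter that document. I would move the filter into one helper that takes the allowed character set, feed it with `printf '%s'` rather than `echo` (which swallows a value like `-n`), and give versions and repo ids their own sets, as sketched below; the sets shown are a starting point to check against real repo ids. The body of get_yum_packages starts and ends outside the hunk.

```shell
# Allowlist filter: keeps only the characters in $2, which also drops
# control bytes, quotes and backslashes in a single pass.
sanitize_field() {
  printf '%s' "$1" | tr -cd "$2"
}

# … unchanged: regex match and BASH_REMATCH assignments …
package_name=$(sanitize_field "$package_name" 'a-zA-Z0-9._+-')
available_version=$(sanitize_field "$available_version" 'a-zA-Z0-9._+:~^-')
repo=$(sanitize_field "$repo" 'a-zA-Z0-9._@:/-')
```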
@@ -674,10 +689,22 @@ get_yum_packages() { local installed=$($package_manager list installed 2>/dev/null | grep -v "^Loaded" | grep -v "^Installed" | head -100) while IFS= read -r line; do + # Skip empty lines + [[ -z "$line" ]] && continue + [[ "$line" =~ ^[[:space:]]*$ ]] && continue + if [[ "$line" =~ ^([^[:space:]]+)[[:space:]]+([^[:space:]]+) ]]; then local package_name="${BASH_REMATCH[1]}" local version="${BASH_REMATCH[2]}" + # Sanitize package name and version + package_name=$(echo "$package_name" | tr -d '[:cntrl:]' | sed 's/[^a-zA-Z0-9._+-]//g') + version=$(echo "$version" | tr -d '[:cntrl:]' | sed 's/[^a-zA-Z0-9._+-]//g') + + # Skip if package name is empty after sanitization + [[ -z "$package_name" ]] && continue + [[ -z "$version" ]] && version="unknown" + # Check if this package is not in the upgrade list if ! echo "$upgradable" | grep -q "^$package_name "; then if [[ "$first_ref" == true ]]; then diff --git a/agents/patchmon_install.sh b/agents/patchmon_install.sh index 1d63ca4..e84b2bc 100644 --- a/agents/patchmon_install.sh +++ b/agents/patchmon_install.sh 
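Review bot: The sanitized `package_name` is still used as a regular expression in the unchanged test `grep -q "^$package_name "`, and the allowlist keeps `.`, which matches any character, so the check against `$upgradable` is a pattern match rather than a comparison of names. A wrong hit here silently drops an installed package from the report. An exact comparison of the first field is safer: `if ! awk -v p="$package_name" '$1 == p { found = 1 } END { exit !found }' <<<"$upgradable"; then`. The enclosing loop and function continue outside the hunk.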
@@ -129,31 +129,56 @@ echo "" # Install required dependencies info "📦 Installing required dependencies..." +echo "" # Detect package manager and install jq and curl if command -v apt-get >/dev/null 2>&1; then # Debian/Ubuntu + info "Detected apt-get (Debian/Ubuntu)" + echo "" + info "Updating package lists..." apt-get update - apt-get install jq curl -y -elif command -v yum + echo "" + info "Installing jq, curl, and bc..." + apt-get install jq curl bc -y +elif command -v yum >/dev/null 2>&1; then # CentOS/RHEL 7 - yum install -y jq curl -elif command -v dnf + info "Detected yum (CentOS/RHEL 7)" + echo "" + info "Installing jq, curl, and bc..." + yum install -y jq curl bc +elif command -v dnf >/dev/null 2>&1; then # CentOS/RHEL 8+/Fedora - dnf install -y jq curl -elif command -v zypper + info "Detected dnf (CentOS/RHEL 8+/Fedora)" + echo "" + info "Installing jq, curl, and bc..." + dnf install -y jq curl bc +elif command -v zypper >/dev/null 2>&1; then # openSUSE - zypper install -y jq curl -elif command -v pacman + info "Detected zypper (openSUSE)" + echo "" + info "Installing jq, curl, and bc..." + zypper install -y jq curl bc +elif command -v pacman >/dev/null 2>&1; then # Arch Linux - pacman -S --noconfirm jq curl -elif command -v apk + info "Detected pacman (Arch Linux)" + echo "" + info "Installing jq, curl, and bc..." + pacman -S --noconfirm jq curl bc +elif command -v apk >/dev/null 2>&1; then # Alpine Linux - apk add --no-cache jq curl + info "Detected apk (Alpine Linux)" + echo "" + info "Installing jq, curl, and bc..." + apk add --no-cache jq curl bc else - warning "Could not detect package manager. Please ensure 'jq' and 'curl' are installed manually." + warning "Could not detect package manager. Please ensure 'jq', 'curl', and 'bc' are installed manually." fi +echo "" +success "Dependencies installation completed" +echo "" + # Step 1: Handle existing configuration directory info "📁 Setting up configuration directory..." 
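Review bot: `success "Dependencies installation completed"` is printed unconditionally after the `if`/`elif` chain, so it also appears when no package manager was detected (the `else` branch only warns) and when an install command fails, unless the script aborts on errors elsewhere (not visible here). Checking for the tools instead of assuming them keeps the message truthful: `for dep in jq curl bc; do command -v "$dep" >/dev/null 2>&1 || warning "Missing dependency: $dep"; done`, with the success line emitted only when none is missing. The summary line changed in the last hunk (`Dependencies installed: jq, curl, bc`) makes the same assumption.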
@@ -322,7 +347,7 @@ echo "" echo -e "${GREEN}📋 Installation Summary:${NC}" echo " • Configuration directory: /etc/patchmon" echo " • Agent installed: /usr/local/bin/patchmon-agent.sh" -echo " • Dependencies installed: jq, curl" +echo " • Dependencies installed: jq, curl, bc" echo " • Crontab configured for automatic updates" echo " • API credentials configured and tested"