The script below is a Patch Status script for rpm based systems (Redhat, Centos, Fedora, etc.) You must query a known good, fully patched server. Query this server with “rpm -qa” and pipe it to a “current.txt” file.

Your servers are pulled from “hosts.txt” file. Each IP address is on it’s own line in this file.

Also this will only work (without typing 300 passwords over and over) with Public Key Authentication in place, and NOPASSWD option for the wheel group in /etc/sudoers.

#!/bin/bash
# Written by Wylie Bayes and Steve Jarvi 28March2014
HOSTREAD=$(cat /opt/scripts/hosts.txt)
USR="forgotten"
PATCHSTATUS="/opt/scripts/patchstatus"
ALLSERVERS="/opt/scripts/patchstatus/All_servers.txt"
rm -rf $ALLSERVERS
for server in $HOSTREAD;
   do
      echo Connected to ${server} !!!!
      echo ${server} $'Patch Status\n' >> $ALLSERVERS
      echo --------------------------------------------------------- >>     $ALLSERVERS
      intheloop=$(ssh $USR@${server} sudo rpm -qa >              $PATCHSTATUS/${server}_patch_status.txt && grep -Fxvf     $PATCHSTATUS/current.txt    $PATCHSTATUS/${server}_patch_status.txt)
      sleep 1
         if [[ -z $intheloop ]]
            then
               echo ${server} $'Is fully patched.\n' >> $ALLSERVERS
            else
               for i in $intheloop
                  do
                     echo $i >> $ALLSERVERS
              done
         fi
   echo --------------------------------------------------------- >> $ALLSERVERS
   echo $'\n \n' >> $ALLSERVERS
   intheloop=$null
done
rm /opt/scripts/patchstatus/*_patch_status.txt
exit 0