Fix check_yum for excluded packages in RHEL 7

[moschlar]

In our case, there were lots of lines like --> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo) in the output of yum --security check-update which
triggered the test for len(output) > number_total_updates + 25.

This simply sets a flag when at least one entry like this is found and
then skips that test.

I am aware that this may falsely match when a package or repo are named
including something like excluded.

[clintonm9]

This fixed my issue, thanks you @moschlar

[HOSTED-POWER]

Fixes for me too, why not include it in default branch?

[wyardley]

I know you mentioned about this falsely matching, but adding a space on either side should improve this. I have a couple other ideas that I'll mention elsewhere.

[wyardley]

I have a related one with lines like this:

 --> kernel-3.10.0-514.10.2.el7.x86_64 from xyz removed (updateinfo)
 --> libini_config-1.3.0-27.el7.x86_64 from xyz removed (updateinfo)
 --> procps-ng-3.3.10-3.el7.x86_64 from @base removed (updateinfo)
 --> grep-2.20-1.el7.x86_64 from @base removed (updateinfo)

I wonder if something like the attached might not be better, for several reasons
patch.txt

Not sure if the behavior should be configurable or not (so that people can choose whether they want packages marked as "excluded" or "removed" counted? Or even changed so that it counts excluded packages explicitly so that people can be warned even if there are security updates for packages that are somehow pinned or otherwise excluded?

On an unrelated note, the standard for Python is 4 space soft-tabs /ducks

[desylva]

This fixed my issue on AWS Linux 2, thanks you @moschlar

[HariSekhon]

Have you guys tried the original version of this code which is still maintained and has received a lot more updates at

https://github.com/HariSekhon/Nagios-Plugins

I tend to avoid things that will just skip the test and instead use the outputs from other people's servers to update matching logic.