Running Ubuntu 8.04

I built this off of the tripwire daily cron script. I'm trying to check the number of violations.

There's a problem when $tripResult is instantiated with the tripwire report: it doesn't have any newline characters.

This causes grep to not get the line with the number of violations, it just gets the entire report.

#!/bin/sh -e

tripwire=/usr/sbin/tripwire

[ -x $tripwire ] || exit 0

umask 027

tripResult=$($tripwire --check --quiet)

tripViolations=$(echo $tripResult | grep "Total violations found" | awk '{print $4}')

exit 0

Because storing the result in a shell variable always strips out redundant white space.

If you want newlines, then pipe it direct.

tripViolations=$($tripwire --check --quiet | awk '/Total violations found/ {print $4}')

Thanks that works.

But I want to use the results in two different places: first check for violations, then email the full report to me, in the same script.

I could issue tripwire --check twice (bad), I could write the results to a file then read it twice (ok...), but is there some option that will keep redundant white space in the shell variable?

No.
You'll have to use a temp file.

Or write the whole thing in perl, then you can do whatever you want.

Doesn't tripwire write to a report file by default? Maybe you could get the results you're looking for by running tripwire and then parsing the report?

Otherwise, I think you're just missing some quotes to hold everything together ;) Try this!

#!/bin/sh -e

tripwire=/usr/sbin/tripwire

[ -x $tripwire ] || exit 0

umask 027

tripResult="$($tripwire --check --quiet)"

tripViolations=$(echo "$tripResult" | awk '/Total.violations.found/ {print $4}')

exit 0

(I took some liberties with your grep|awk arrangement... why use 2 cmds when one will do! ;)

Another way to do this would be with a temporary file, like Salem said. You could do something like this:

#!/bin/sh -e

tripwire=/usr/sbin/tripwire

## configure the log file as a variable
logfile=/tmp/tw.log

[ -x $tripwire ] || exit 0

umask 027

$tripwire --check --quiet > $logfile

tripResult=$(cat $logfile)

tripViolations=$(awk '/Total.violations.found/ {print $4}' $logfile)

rm $logfile

exit 0

Or you might want to choose to keep those log files, and timestamp them.

logfile=/tmp/tw-$(date +%D-%T).log
# comment out the 'rm' at the end ;)
# rm $logfile

I hope this helps! Sorry if that's too much info... or not enough...

-G

See, you shouldn't have done that, 'cause now I used your solution instead of learning perl, 'cause I'm lazy.

But seriously thanks it works great. For the log file I had to change %D to %F.

Edit: it was the second solution that worked.
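A hardened variant of the temp-file approach discussed in this thread, as an added example that is not part of any post above: it runs the check once, keeps the full report (newlines intact) for mailing, and extracts the violation count from the same file. The function names, the `fake_tripwire` stand-in and its report text are constructed for illustration; it assumes the report contains the "Total violations found" line quoted in the thread and that the checker may exit non-zero when it finds violations.

```shell
#!/bin/sh
# Added example, not from the thread: run the check once, use the report twice.
# Assumptions: the report has a "Total violations found:  N" line as in the
# posts above, and the checker may exit non-zero when it finds violations.
set -e
umask 027

# Print the violation count from a report on stdin (0 if the line is missing).
count_violations() {
    awk '/Total violations found/ { n = $4 } END { print n + 0 }'
}

# Run the given command once and keep its output in a private temp file.
# Sets: report_file (path), check_status (exit code), violations (count).
run_check() {
    # mktemp picks an unpredictable name and creates the file with mode 0600,
    # unlike a fixed, guessable path such as /tmp/tw.log in a root cron job.
    report_file=$(mktemp "${TMPDIR:-/tmp}/tw.XXXXXX") || return 1
    trap 'rm -f "$report_file"' EXIT
    check_status=0
    # "|| check_status=$?" records the status instead of letting -e abort.
    "$@" > "$report_file" || check_status=$?
    violations=$(count_violations < "$report_file")
}

# Constructed stand-in for "tripwire --check --quiet" so the example runs offline.
fake_tripwire() {
    printf '%s\n' 'Rule Name          Added  Removed  Modified' \
                  'Root config files  0      0        3' \
                  '' \
                  'Total objects scanned:  1024' \
                  'Total violations found:  3'
    return 4
}

main() {
    # Real use: main /usr/sbin/tripwire --check --quiet
    [ "$#" -gt 0 ] || set -- fake_tripwire
    run_check "$@"
    if [ "$violations" -gt 0 ]; then
        echo "violations=$violations status=$check_status"
        cat "$report_file"   # full report, newlines intact; pipe to a mailer in cron
    fi
    rm -f "$report_file"
}
main
```

Because the file name comes from `mktemp`, timestamped names built with `date` are not needed unless the reports are meant to be kept.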
