I have a cron job run by root every hour that checks if there's a tripwire violation. It still sends me an email every hour, whether I have a violation or not. If there is a violation, it includes the report. If there is no violation, it sends me a blank email with just the subject line.

Here's the script:

```bash
#!/bin/bash

# Save report
tripwire --check > /tmp/twreport

# Count violations
v=`grep -c 'Total violations found:  0' /tmp/twreport`

# Send report
if [ "$v" -eq 0 ]; then
        mail -s "[tripwire] Report for `uname -n`" user@example.com < /tmp/twreport
fi
```

MarkH
  • If it's sending a blank email, that seems to indicate `/tmp/twreport` is empty. That would certainly result in `v` being set to zero. Suggest you debug what actually gets written to that file. – paxdiablo May 03 '17 at 02:32
  • The file is written to - it either shows 0 violations or x number of violations. The v is either 0 or 1. When I run it manually it works fine, only in cron does it not work. – MarkH May 03 '17 at 02:34
  • There is a vast difference in environment between terminals and cron jobs so that may be the issue here. See for example http://stackoverflow.com/questions/1972690/cannot-get-php-cron-script-to-run/1972763#1972763 – paxdiablo May 03 '17 at 02:36
  • Ah, I don't have the full path to tripwire in the script. I've added it in and will see if it executes – MarkH May 03 '17 at 02:45

2 Answers

I suggest changing the code to

```bash
if [ -f /tmp/twreport ] # Check file exists
then
    v=$(grep -c '^Total violations found:  0$' /tmp/twreport)
    # Not suggested using legacy backticks
    if [ "$v" -eq 0 ]; then
        mail -s "[tripwire] Report for $(uname -n)" user@example.com < /tmp/twreport
    fi
fi
```

Finally, set the PATH in cron before the script line, like:

```
# Setting PATH
PATH=/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/path/to/tripwire:/and/so/on
# Now, set up the cron-job for the script
0        11         *              *          0       /path/to/script
```

sjsam

Try surrounding it with double quotes and using the full path:

```bash
v="`/bin/grep -c 'Total violations found:  0' /tmp/twreport`"
```

and

```bash
if [ "$v" == "0" ]; then # or = instead of == based on your shell
```

If these don't work, verify the search term. I see two spaces before 0 in 'found:  0'.

Theofanis
  • The use of `"` quotes is not an issue here since `grep -c` always outputs a number (no spaces or other weird stuff that quotes would fix). – paxdiablo May 04 '17 at 02:08
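
A variant of the script that tells an empty report (the cron failure discussed in this thread) apart from a clean one, added here as an example and not written by any of the posters. The tripwire path `/usr/sbin/tripwire`, the `--run` switch and the function names `classify_report` and `run_check` are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. Assumptions: tripwire path, recipient,
# the --run switch, and the function names classify_report / run_check.
TRIPWIRE=/usr/sbin/tripwire   # assumed location; cron's PATH is not relied on
RCPT=user@example.com

# Print "empty" when the report has no content (tripwire never ran, as when
# cron cannot find it), "clean" when the zero-violations line is present,
# and "violations" for anything else, including a truncated report.
classify_report() {
    if [ ! -s "$1" ]; then
        echo empty
    elif grep -q 'Total violations found:  0' "$1"; then
        echo clean
    else
        echo violations
    fi
}

run_check() {
    # mktemp gives root an unpredictable, mode-0600 file instead of /tmp/twreport
    tw_report=$(mktemp /tmp/twreport.XXXXXX) || return 1
    "$TRIPWIRE" --check > "$tw_report"
    tw_state=$(classify_report "$tw_report")
    case $tw_state in
        clean) ;;   # nothing to report, send no mail
        violations)
            mail -s "[tripwire] Report for $(uname -n)" "$RCPT" < "$tw_report" ;;
        empty)
            echo "tripwire wrote no report; check its path and permissions" |
                mail -s "[tripwire] Check did not run on $(uname -n)" "$RCPT" ;;
    esac
    rm -f "$tw_report"
}

# Cron calls "script --run"; "script FILE" classifies an existing report.
case ${1:-} in
    --run) run_check ;;
    "")    ;;
    *)     classify_report "$1" ;;
esac
```

Because only a positively clean report suppresses the mail, a monitor that silently stops running shows up as a distinct "did not run" message instead of a blank report.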