This script works for me: #!/bin/bash ##################### # Functions ###################### function extractSumFromLine(){ number=`sed -n ${2}p $1 | sed 's/.*= //'` echo $number }
function compare(){ if [ "$1" = "$2" ] then echo -n "." else echo -e "\nerror while $3 in file $4" fi } function getYesterdaysFile(){ file=`sed -n 6p $1.sum | sed 's/.*(\/logs\/archives\/\(.*\).sum).*/\1/'` echo $file } function docheck(){ filetest=$1 filestored=$2 sumtype=$3 chained=$4 comment="checking $sumtype $chained sum" #determine the correct line in sum-File if [ "a$chained" = "achained" ] then theCat=cat if [ "$sumtype" = "sha1sum" ] then line=7 else line=6 fi else theCat=zcat if [ "$sumtype" = "sha1sum" ] then line=3 else line=2 fi fi hashTest=`$theCat $filetest| $sumtype | sed 's/ *-//'` hashStored=$(extractSumFromLine $filestored $line) compare "$hashTest" "$hashStored" "$comment" "$filestored" } ######################### # Start ######################### cd /var/ossec/logs/archives currentFile=`LANG=C date --date "yesterday" "+%Y/%b/ossec-archive-%d.log"` while [ -f $currentFile.sum ] do yesterday=$(getYesterdaysFile $currentFile) yesterdaySum=$yesterday.sum docheck $currentFile.gz $currentFile.sum md5sum docheck $currentFile.gz $currentFile.sum sha1sum docheck $yesterdaySum $currentFile.sum md5sum chained docheck $yesterdaySum $currentFile.sum sha1sum chained currentFile=$yesterday done echo -e "\n check terrminated with file $currentFile.sum" -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.