This script works for me:
#!/bin/bash
#####################
# Functions
######################
function extractSumFromLine(){
number=`sed -n ${2}p $1 | sed 's/.*= //'`
echo $number
}
function compare(){
if [ "$1" = "$2" ]
then
echo -n "."
else
echo -e "\nerror while $3 in file $4"
fi
}
function getYesterdaysFile(){
file=`sed -n 6p $1.sum | sed
's/.*(\/logs\/archives\/\(.*\).sum).*/\1/'`
echo $file
}
function docheck(){
filetest=$1
filestored=$2
sumtype=$3
chained=$4
comment="checking $sumtype $chained sum"
#determine the correct line in sum-File
if [ "a$chained" = "achained" ]
then
theCat=cat
if [ "$sumtype" = "sha1sum" ]
then
line=7
else
line=6
fi
else
theCat=zcat
if [ "$sumtype" = "sha1sum" ]
then
line=3
else
line=2
fi
fi
hashTest=`$theCat $filetest| $sumtype | sed 's/ *-//'`
hashStored=$(extractSumFromLine $filestored $line)
compare "$hashTest" "$hashStored" "$comment" "$filestored"
}
#########################
# Start
#########################
cd /var/ossec/logs/archives
currentFile=`LANG=C date --date "yesterday" "+%Y/%b/ossec-archive-%d.log"`
while [ -f $currentFile.sum ]
do
yesterday=$(getYesterdaysFile $currentFile)
yesterdaySum=$yesterday.sum
docheck $currentFile.gz $currentFile.sum md5sum
docheck $currentFile.gz $currentFile.sum sha1sum
docheck $yesterdaySum $currentFile.sum md5sum chained
docheck $yesterdaySum $currentFile.sum sha1sum chained
currentFile=$yesterday
done
echo -e "\n check terrminated with file $currentFile.sum"
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
