Re: [Integrit-users] exit status

[Ed L C. <ec...@te...>]

RD...@ga... (Mr. Ross Druker) writes:

> It appears that integrit exits with a status of 0 when it finds a discrepancy
> between the known and current db's.
> 
> Would it be a problem to change it to a non-zero value to make it easier to
> flag the change?

Non-zero exit status is only for error conditions.  Errors are
problems that prevent the software in question from doing its job and
that cannot be overcome by the software itself.  For example, if you
invoke integrit and tell it to do a check but you don't say where the
configuration file is, then integrit can't do its job, and it can't
solve the problem itself, so it uses an exit status of EXIT_FAILURE
(defined in stdlib.h) to indicate the error condition.  Then the user
knows that integrit wasn't able to do what they wanted.

When integrit finds that files have changed, it's just doing its job,
and when it finishes successfully, after finding changes, it uses
EXIT_SUCCESS to let the user know that it was able to do what the user
asked it to: detect any changes.  Integrit only uses an EXIT_FAILURE
to indicate that it could not do its job.

So it would be a problem for integrit to use a non-zero value when no
error existed, since it would incorrectly suggest that integrit had
failed for some reason.  

It is possible to use the -q switch, and that way if you get any
output at all (or more than two lines of output if you're also doing
an update) you know that something has changed.  For example, you can
send the report to a file on a remote host; then on the remote host,
you can do:

  if [ "`wc -l $filename | awk '{ print $1 }'`" -gt 0 ]; then 
    (printf "To: sys...@my...\nSubject: fs changes\n\n"
     cat $filename) | /usr/lib/sendmail -t
  fi

... or something so that you only get mail if there's been a change.
It isn't as safe to do that on the host you're checking.

-- 
--Ed Cashin                   PGP public key:
  ec...@te...       http://www.terry.uga.edu/~ecashin/pgp/