Re: [Integrit-users] exit status
From: <RD...@ga...> - 2001-10-26 15:28:54
Hmm. I suppose it's a difference in philosophy. TripWire, for example (at least the free version), returns several exit statuses: 1=error, 2=files added, 4=files deleted, and 8=files changed. This can be OR'd together. E.g., 10=codes 8 and 2.

Another freeware integrity checker I was looking at, fcheck, uses 1 for software errors (e.g., can't find config file), and 2 for database inconsistencies.

I guess I'd put it down as something I'd like to see, but maybe others don't.

Ross

On Oct 26, 11:02am, Ed L Cashin wrote:
> Subject: Re: [Integrit-users] exit status
> RD...@ga... (Mr. Ross Druker) writes:
>
> > It appears that integrit exits with a status of 0 when it finds a discrepancy
> > between the known and current db's.
> >
> > Would it be a problem to change it to a non-zero value to make it easier to
> > flag the change?
>
> Non-zero exit status is only for error conditions. Errors are
> problems that prevent the software in question from doing its job and
> that cannot be overcome by the software itself. For example, if you
> invoke integrit and tell it to do a check but you don't say where the
> configuration file is, then integrit can't do its job, and it can't
> solve the problem itself, so it uses an exit status of EXIT_FAILURE
> (defined in stdlib.h) to indicate the error condition. Then the user
> knows that integrit wasn't able to do what they wanted.
>
> When integrit finds that files have changed, it's just doing its job,
> and when it finishes successfully, after finding changes, it uses
> EXIT_SUCCESS to let the user know that it was able to do what the user
> asked it to: detect any changes. Integrit only uses an EXIT_FAILURE
> to indicate that it could not do its job.
>
> So it would be a problem for integrit to use a non-zero value when no
> error existed, since it would incorrectly suggest that integrit had
> failed for some reason.
>
> It is possible to use the -q switch, and that way if you get any
> output at all (or more than two lines of output if you're also doing
> an update) you know that something has changed. For example, you can
> send the report to a file on a remote host; then on the remote host,
> you can do:
>
>   if [ "`wc -l $filename | awk '{ print $1 }'`" -gt 0 ]; then
>     (printf "To: sys...@my...\nSubject: fs changes\n\n"
>      cat $filename) | /usr/lib/sendmail -t
>   fi
>
> ... or something so that you only get mail if there's been a change.
> It isn't as safe to do that on the host you're checking.
>
> --
> --Ed Cashin                     PGP public key:
>   ec...@te...                   http://www.terry.uga.edu/~ecashin/pgp/
>-- End of excerpt from Ed L Cashin

--
Ross Druker
Rohm and Haas Co.
RD...@Ro...
Philadelphia, PA
(215) 592-3281
The opinions expressed are mine and not those of Rohm and Haas Company.
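Added example, not part of the original message and not integrit code: the two conventions discussed in this thread, written as POSIX shell for the remote host that receives the saved `-q` report. `report_status` maps the report to an exit status that separates "could not check" from "changes found", and `decode_status` expands the OR'd status values Ross lists. The function names, the 0/1/2 numbering and the sample report line are assumptions made for illustration.

```shell
#!/bin/sh
# report_status FILE [BASELINE]
#   BASELINE = number of output lines expected when nothing changed
#   (0 for a check-only run, 2 when an update is done too, per the message).
#   Returns 0 = no changes, 2 = changes reported, 1 = report missing/unreadable.
report_status() {
    report=$1
    baseline=${2:-0}
    [ -r "$report" ] || return 1
    lines=$(($(wc -l < "$report")))   # arithmetic strips wc's padding
    if [ "$lines" -gt "$baseline" ]; then
        return 2
    fi
    return 0
}

# decode_status N: expand the OR'd exit status described in the message
# (1=error, 2=files added, 4=files deleted, 8=files changed).
decode_status() {
    code=$1
    out=""
    if [ $((code & 1)) -ne 0 ]; then out="$out error"; fi
    if [ $((code & 2)) -ne 0 ]; then out="$out added"; fi
    if [ $((code & 4)) -ne 0 ]; then out="$out deleted"; fi
    if [ $((code & 8)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Constructed sample reports (not real integrit output).
tmp=$(mktemp -d)
: > "$tmp/clean.txt"
printf 'changed: /etc/passwd\n' > "$tmp/dirty.txt"
for f in clean.txt dirty.txt missing.txt; do
    rc=0; report_status "$tmp/$f" || rc=$?
    echo "$f -> exit status $rc"
done
echo "status 10 -> $(decode_status 10)"
rm -rf "$tmp"
```

A missing report returns 1 rather than 0, so a cron job that never received the report is not mistaken for a clean check.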