#! /bin/sh
# integrit_check - demo script runs integrit from secure server's read-only NFS
# Copyright (C) 2000 Ed Cashin
# 
# You can redistribute this program and/or modify it under the terms of
# the Artistic License as published by the Open Source Initiative,
# currently at the following URL:
# 
#     http://www.opensource.org/licenses/artistic-license.html
# 
# THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
# 
# $Header: /cvsroot/integrit/integrit/examples/integrit_check,v 1.4 2000/12/12 21:10:58 ecashin Exp $

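host=$(hostname)
securedir=/mnt/secdb
config=$1			# should be in read-only location
recipient=$2
arch=$(uname)

if [ "$(whoami)" != "root" ]; then
    printf 'Error: you must be root to run %s\n' "$0" 1>&2
    exit 1
fi

if [ -z "$recipient" ] || [ -z "$config" ]; then
    printf 'usage: %s config_file email_recipient\n' "$0" 1>&2
    exit 1
fi

# sendmail -t takes the recipients from the message headers, so a line break
# inside $recipient would let the argument add header lines of its own.
# Refuse any value that is not a single line.
cr=$(printf '\r')
case $recipient in
    *"
"* | *"$cr"*)
        printf 'Error: email_recipient must be a single line\n' 1>&2
        exit 1
        ;;
esac

#------------integrit binary compiled for this architecture
# Both the binary and (by convention) the config are expected to live on the
# read-only mount. This script does not verify that; a config path on local,
# writable storage would be accepted as given.
integrit=$securedir/bin/integrit-$arch

# do update (-u) and check (-c)
# ... with configuration $config (-C) and human-readable output
# ... piping output to sendmail; or exit with an error message
# to standard error.
#
# The header values are passed as printf arguments, never as the format
# string, so a '%' or backslash in the recipient or hostname is sent as-is.
#
# The exit status of the pipeline is sendmail's alone. To keep a run in which
# integrit could not start (missing mount, wrong architecture suffix) from
# arriving as an empty, clean-looking report, a non-zero integrit status is
# appended to the mail body. What a given status means is defined by integrit,
# not by this script.
{
    printf 'To: %s\nSubject: integrit %s report\n\n' "$recipient" "$host"
    "$integrit" -C "$config" -u -c ||
        printf '\nintegrit exited with status %s\n' "$?"
} | /usr/lib/sendmail -t || {
    printf '%s error\n' "$0" 1>&2
    exit 1
}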



