#!/bin/sh

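# Periodic Tripwire integrity check.
#
# Picks the tripwire binary that matches the database found on disk, rotates
# the previous report, writes a fresh report to $LOG and, when MAILTO is set
# and the report is non-empty, mails it.
#
# `set -e` is deliberately not used: the report must still be mailed when the
# checker exits non-zero.
#
# NOTE(review): the baseline database and the checker binary are both read
# from local disk, so the report is only as trustworthy as those files.
# Consider keeping them on read-only media or verifying them out of band.

# The report lists changed files; do not create it world-readable. This
# matches the 640 mode requested from savelog for rotated copies.
umask 027

HOST=$(hostname)
DATABASE="/usr/lib/tripwire/databases/tw.db_${HOST}"
DATABASEGZIP="${DATABASE}.gz"
LOG=/var/log/tripwire

#
# set to user to actually send mail
MAILTO=

#
# which binary do we use?
#
# TRIPWIRE is cleared first so that a value inherited from the caller's
# environment is never executed; only the two fixed paths below are allowed.
# When both databases exist the gzip variant wins.
#
TRIPWIRE=
if [ -f "$DATABASE" ]; then
	TRIPWIRE=/usr/lib/tripwire/tripwire
fi
if [ -f "$DATABASEGZIP" ]; then
	TRIPWIRE=/usr/lib/tripwire/ztripwire
fi

#
# do not run if there is no database file
#
[ -n "$TRIPWIRE" ] || exit 0

#
# rotate the log file if it exists
#
if [ -f "$LOG" ]; then
	savelog -p -g adm -m 640 -u root -c 7 "$LOG" > /dev/null
fi

#
# run the check
#
"$TRIPWIRE" -q > "$LOG"

#
# if the report is empty, or nobody is configured to receive it,
# do not send mail
#
if [ ! -s "$LOG" ] || [ -z "$MAILTO" ]; then
	exit 0
fi

# MAILTO is left unquoted on purpose so that a space-separated list of
# recipients keeps working.
# shellcheck disable=SC2086
{
	cat <<EOF
This is an automated report of possible file integrity changes, generated by
the Tripwire integrity checker.

Changed files/directories include:
EOF
	cat "$LOG"
} | /usr/bin/mail -s "File integrity report" $MAILTO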
