Amanada Smith - 3 months ago
Linux Question

Grepping and only sending e-mail if something found

#!/bin/bash
( /usr/src/chkrootkit-$VERSION/chkrootkit ) | # Binary
grep -E 'INFECTED|Vulnerable' | # Only get found issues (-E so that | means "or")
/bin/mail -s "CHROOTKIT Weekly Run ($SERVERNAME)" "$EMAIL" # Send EMail


This still sends e-mails even if nothing is found.

What would be a way to only send if something is grepped?

Answer

This maybe...

Simply use the -E switch in the mail command:

man -Pcol\ -b mail | grep empty
     -E      Don't send messages with an empty body.


#!/bin/bash
( /usr/src/chkrootkit-$VERSION/chkrootkit ) | # Binary
grep -E 'INFECTED|Vulnerable' | # Only get found issues (-E so that | means "or")
/bin/mail -E -s "CHROOTKIT Weekly Run ($SERVERNAME)" "$EMAIL" # Send EMail unless the body is empty

Or place your check in a crontab for automatic processing, for example once a day:

@daily  ( /usr/src/chkrootkit-$VERSION/chkrootkit ) | grep -E 'INFECTED|Vulnerable'

Cron will send a mail if the command outputs something.

But, after re-reading this

If there is no need to forward any part of the mail in the alert, there is no need to use the pipe |.

So you could use a condition in this way:

#!/bin/bash
( /usr/src/chkrootkit-$VERSION/chkrootkit ) | # Binary
    grep -qE 'INFECTED|Vulnerable' && # Succeeds only if a finding was matched
    /bin/mail -s "CHROOTKIT Weekly Run ($SERVERNAME)" "$EMAIL" < /dev/null # Empty body, do not wait on stdin

The -q switch to grep ensures it stays quiet.
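
A variant of the approaches above that does not depend on the mail client supporting -E, puts the matched lines in the mail body, and sends a separate alert when the scanner cannot be run, so that "no mail" is not mistaken for "clean". This is an added example, not part of the original answer; the function names, the MAILER variable and the return codes are assumptions made for illustration.

```shell
#!/bin/bash
# Added example. MAILER defaults to the /bin/mail path used on this page;
# override it in the environment if your mail client lives elsewhere.
MAILER=${MAILER:-/bin/mail}

# Keep only lines that report a finding. -E is needed for | to mean "or".
filter_findings() {
    grep -E 'INFECTED|Vulnerable'
}

# Usage: alert_if_findings <subject> <recipient> <scanner> [scanner args...]
# Returns: 0 alert sent, 1 clean run (nothing sent),
#          2 scanner could not be run (failure alert sent), 3 mail failed.
alert_if_findings() {
    local subject rcpt findings
    subject=$1
    rcpt=$2
    shift 2

    # A missing scanner produces no output at all; report that explicitly.
    if ! command -v "$1" >/dev/null 2>&1; then
        printf 'scanner not found or not executable: %s\n' "$1" |
            "$MAILER" -s "$subject: SCAN FAILED" "$rcpt"
        return 2
    fi

    # Capture the findings first, then decide whether to mail them.
    findings=$("$@" 2>&1 | filter_findings)
    [ -n "$findings" ] || return 1

    printf '%s\n' "$findings" | "$MAILER" -s "$subject" "$rcpt" || return 3
    return 0
}

# Example call from a weekly cron script (variables as in the question):
# alert_if_findings "CHROOTKIT Weekly Run ($SERVERNAME)" "$EMAIL" \
#     "/usr/src/chkrootkit-$VERSION/chkrootkit"
```
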
