#!/bin/sh

# /etc/cron.daily/localintegritupdate : update integrit db
# initially written by Andras Bali (as a cron job)

SAVECYCLE=3

test -x /usr/sbin/integrit || exit 0
test -x /usr/bin/savelog || exit 0
test -f /etc/integrit/integrit.debian.conf || exit 0
CONFIGS=""
. /etc/integrit/integrit.debian.conf
test -n "$CONFIGS" || exit 0

for config in $CONFIGS; do
    known=$(egrep '^ *known *= *.+' $config | sed 's/^ *known *= *\(.\+\)$/\1/')
    current=$(egrep '^ *current *= *.+' $config | sed 's/^ *current *= *\(.\+\)$/\1/')
    options="-cu"
    if [ ! -f "$known" ]; then
	if [ -f "$current" ]; then
		mv "$current" "$known"
	else
		options="-u"
	fi
    else
	if [ -f "$current" ]; then
		savelog -m 640 -u root -g root -c $SAVECYCLE "$known" > /dev/null
		mv "$current" "$known"
	fi
    fi

#    nice integrit -C $config -cu 2>&1
    nice integrit -C $config $options
done