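#!/bin/bash
#
# Tripwire prune report.
#
# Renders the latest Tripwire report for this host as text, extracts the
# rule summary and the error section, archives a gzip copy of the full
# text and mails the extract to the administrator.
#
# Presumably run as root from cron (twprint reads Tripwire's report
# files) - confirm for your installation. Because of that, nothing is
# written to a predictable name in /tmp directly: a pre-planted symlink
# there would otherwise let a local user redirect a root-owned write.

set -u
# The report lists which monitored files changed; keep every file this
# script creates readable by the invoking user only.
umask 077

DATE=$(date +%H%M-%d%m%y)
TWPRINT=(/opt/tripwire/sbin/twprint -m r -r)
TWREPORT=/opt/tripwire/reports
TWHOSTNAME="$(hostname).twr"
TWASCII="/tmp/${TWHOSTNAME}.txt"
COMP_DIR="${TWREPORT}/COMPRESSED"

# Private scratch directory (mode 0700 via mktemp -d). It lives under /tmp
# so that publishing the report to ${TWASCII} is a rename on the same
# filesystem.
WORK_DIR=$(mktemp -d /tmp/twreport.XXXXXX) || {
  echo "cannot create scratch directory" >&2
  exit 1
}
trap 'rm -rf -- "${WORK_DIR}"' EXIT
TWLOG="${WORK_DIR}/tripwire.tmp"

# Render the binary Tripwire report as text at ${TWASCII}.
# The text is staged inside WORK_DIR and then renamed into place; a rename
# replaces whatever sits at the destination name instead of following it.
# Returns non-zero if twprint or the rename failed; partial twprint output
# is still published so the mail can show what was produced.
get_ascii_report() {
  local staged="${WORK_DIR}/report.txt"
  local rc=0
  "${TWPRINT[@]}" "${TWREPORT}/${TWHOSTNAME}" > "${staged}" || rc=$?
  mv -f -- "${staged}" "${TWASCII}" || rc=$?
  return "${rc}"
}

# Append the lines of the text report from the first line matching $1
# through the next line matching $2 to the mail body.
# $1 and $2 are inserted into a sed address as regular expressions; this
# script only passes fixed literals, do not feed them external input.
section() {
  sed -n "/$1/,/$2/p" "${TWASCII}" >> "${TWLOG}"
  echo " " >> "${TWLOG}"
}

# Start from an empty mail body and prune archived reports.
cleanup() {
  rm -f -- "${TWLOG}"
  # Remove files older than 1 month. Errors are suppressed because the
  # archive directory does not exist before the first run.
  find "${COMP_DIR}" -type f -mtime +31 -exec rm -f -- {} + 2>/dev/null
}

# Store a gzip copy of the full text report in the archive directory.
compress_logs() {
  testdir "${COMP_DIR}"
  gzip -c "${TWASCII}" > "${COMP_DIR}/${TWHOSTNAME}.${DATE}.gzip" 2>/dev/null
}

# Create directory $1 if it does not exist yet.
# (The original tested $1 but always created COMP_DIR.)
testdir() {
  if [ ! -d "${1}/" ]; then
    mkdir -p -- "$1"
  fi
}

# Write the introductory lines of the mail body.
header() {
  {
    echo "Tripwire Report for ${DATE}."
    echo " "
    echo "Please ensure you have checked the report for Errors."
    echo "Also ensure the report is checked for any Severity levels higher than 0."
    echo "The Full Report can be found at" "${TWASCII}"
    echo "Use # zcat ${COMP_DIR}/${TWHOSTNAME}.${DATE}.gzip to view log."
    echo " "
  } >> "${TWLOG}"
}

# Mail the assembled body to the administrator.
mailto() {
  local MAILSUB="Tripwire Report for ${HOSTNAME} ${DATE}"
  local RECP=paul.ward@datacom.co.nz
  mail -s "${MAILSUB}" "${RECP}" < "${TWLOG}"
}

# Script begins
cleanup

report_ok=1
get_ascii_report || report_ok=0

header
if [ "${report_ok}" -eq 0 ]; then
  # An extract with no violations must not be mistaken for a clean system
  # when the report itself could not be produced.
  echo "WARNING: twprint did not complete successfully; the sections below may be missing or incomplete." >> "${TWLOG}"
  echo " " >> "${TWLOG}"
  echo "twprint failed for ${TWREPORT}/${TWHOSTNAME}" >&2
fi

echo "Rule Name Severity Level Added Removed Modified" >> "${TWLOG}"
section "Tripwire Data Files" "Total violations found:"
section "Error Report:" "End of report"
compress_logs
mailto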
Tuesday, 3 February 2009
Tripwire Prune Report Script