I'm a relative 'beginner' in the world of Linux and bash and I cannot figure this out.

Among other things I want to modify iptables if 'string' doesn't exist in there, but it doesn't seem to work. Not sure if this is because of the if statements, exit code, syntax or sudo permissions or other.

When the script is being run automatically via cron, it performs the if clause even if iptables does contain the string I'm looking for. This is verified by

  1. printing iptables in terminal both seconds before and after a scheduled run
  2. by adding an echo "this" >>/log/file.log to the if clause.

Take 1:

#!/bin/bash
iptables -L -n -v | grep 8.8.8.8
if [ $? != 0 ]; then
    command-to-perform
fi

Take 2:

#!/bin/bash
iptablesvar=$(iptables -L -v -n)
if [[ $iptablesvar != *"8.8.8.8"* ]]; then
    command-to-perform
fi

I've tried both, triggered by (sudo) crontab with the following line:

*/1 * * * * /bin/bash /home/username/path/to/script-file.sh

What baffles me is that both the options above seem to work when entered directly into the terminal like so:

sudo iptables -L -n -v | grep 8.8.8.8
if [ $? != 0 ]; then echo "not found" ;fi
if [ $? == 0 ]; then echo "found" ;fi

var=$(sudo iptables -L -n -v)
if [[ $var != *"8.8.8.8"* ]]; then echo "n" ;fi
if [[ $var == *"8.8.8.8"* ]]; then echo "y" ;fi

What gives?

If relevant, my system is a fresh Linux Mint 19.3 Tricia

Chris Davies
Morten
  • A lot of useful links, https://stackoverflow.com/questions/14612444/bash-script-runs-manually-but-fails-on-crontab – Jetchisel Apr 15 '20 at 07:54
  • What does "does not work" mean? Do you get an error (what error?) or do you get some incorrect result (what result?). Also note that you can't test $? twice. The first test would change $?. – Kusalananda Apr 15 '20 at 07:57
  • Sorry, edited original post explaining "does not work". And yes, I know the exit code changes after the first if, I was trying to communicate that both those if's work in terminal. – Morten Apr 15 '20 at 08:02
  • Whose crontab is running the script? – Kusalananda Apr 15 '20 at 08:03
  • root? "sudo crontab -e". – Morten Apr 15 '20 at 08:04
  • Are you sure it's not simply that iptables is not in cron's PATH (so that you're testing the exit status of a failed iptables command, rather than the exit status of grep)? Try adding the full path ex. /sbin/iptables – steeldriver Apr 15 '20 at 11:19
  • @steeldriver solid tip, thanks. Added full path to all commands - looks like maybe that did the trick! Another thing I noticed (not sure if relevant) was that the content in my variable was 'broken' when I echo'ed without quotes - echo $var instead of echo "$var" resulted in a mucked up mixture of the actual iptable and folder names/paths from ~ ... – Morten Apr 15 '20 at 12:07
  • For an explanation of the second issue, see When is double-quoting necessary? – steeldriver Apr 15 '20 at 12:23
  • @steeldriver feel free to submit an answer on cron PATH/full path to command, and I'll gladly accept it as an answer. – Morten Apr 16 '20 at 07:21
  • Since you're running this from root's crontab you don't want (and shouldn't include) sudo in the script itself. – Chris Davies Apr 16 '20 at 12:20
  • I know, and I haven't. – Morten Apr 16 '20 at 12:37

1 Answer

I'll answer this myself then - all credits to @steeldriver's comment:
iptables is not in cron's PATH. Changed command to include full path /sbin/iptables.

Morten
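An added example, not part of the original post or its answer: both takes in the question treat "iptables could not be run" the same as "the address is not in the ruleset", which is why the cron job fired every minute. This sketch calls the binary by absolute path and only acts when the listing succeeded and the address is really absent. The function names, the `IPTABLES` override and passing the address and command as script arguments are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post). Cron runs jobs with a minimal
# PATH, so the binary is called by absolute path, as in the accepted fix.
# IPTABLES is overridable only so the logic can be exercised without root.
IPTABLES=${IPTABLES:-/sbin/iptables}

# rule_state ADDR
#   0 = ADDR is in the listing
#   1 = listing succeeded but ADDR is absent
#   2 = the listing itself failed (binary not found, not root, ...)
rule_state() {
    if ! rules=$("$IPTABLES" -L -n -v 2>/dev/null); then
        return 2
    fi
    # -F: dots are literal; -w: 8.8.8.8 must not match 18.8.8.8 or 8.8.8.80
    printf '%s\n' "$rules" | grep -qwF -- "$1"
}

# run_if_rule_missing ADDR CMD [ARGS...]
#   Runs CMD only when the ruleset was read successfully and ADDR is absent.
run_if_rule_missing() {
    addr=$1; shift
    state=0
    rule_state "$addr" || state=$?
    case $state in
        0) return 0 ;;    # already present: nothing to do
        1) "$@" ;;        # confirmed absent: apply the change
        *) echo "cannot read ruleset via $IPTABLES; nothing changed" >&2
           return 2 ;;
    esac
}

# With arguments (for example from root's crontab: script ADDR CMD ARGS...)
# act on them; with none, the file only defines the functions.
if [ $# -ge 2 ]; then
    run_if_rule_missing "$@"
fi
```

Because the failure case writes to stderr and returns 2, a broken lookup shows up in cron's mail or log instead of silently triggering the change on every run.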