| 1 | #!/bin/sh |
|---|
| 2 | # from debian port |
|---|
| 3 | |
|---|
| 4 | PATH="/bin:/usr/bin:%%PREFIX%%/bin" |
|---|
| 5 | LOGDIR="%%PREFIX%%/var/log/aide" |
|---|
| 6 | LOGFILE="$LOGDIR/aide.log" |
|---|
| 7 | CONFFILE="%%PREFIX%%/etc/aide/aide.conf" |
|---|
| 8 | ERRORLOG="$LOGDIR/error.log" |
|---|
| 9 | ## default action: check only, update (but need to rotate db manually) |
|---|
| 10 | COMMAND=${COMMAND:-update} |
|---|
| 11 | |
|---|
| 12 | [ -f %%PREFIX%%/bin/aide ] || exit 0 |
|---|
| 13 | |
|---|
| 14 | MAILTO=`grep "^@@define MAILTO" $CONFFILE | head -1 | awk '{ print $3 }'` |
|---|
| 15 | DATABASE=`grep "^database=file:/" $CONFFILE | head -1 | cut -d: -f2` |
|---|
| 16 | LINES=`grep "^@@define LINES" $CONFFILE | head -1 | awk '{ print $3 }'` |
|---|
| 17 | FQDN=`hostname -f` |
|---|
| 18 | DATE=`date +"at %X on %x"` |
|---|
| 19 | |
|---|
| 20 | [ -z "$MAILTO" ] && MAILTO="root" |
|---|
| 21 | [ -z "$DATABASE" ] && DATABASE="%%PREFIX%%/var/lib/aide/aide.db" |
|---|
| 22 | [ -z "$LINES" ] && LINES="1000" |
|---|
| 23 | |
|---|
| 24 | |
|---|
| 25 | if [ ! -f $DATABASE ]; then |
|---|
| 26 | ( |
|---|
| 27 | echo "Fatal error: The AIDE database does not exist!" |
|---|
| 28 | echo "This may mean you haven't created it, or it may mean that someone has removed it." |
|---|
| 29 | ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
|---|
| 30 | exit 0 |
|---|
| 31 | fi |
|---|
| 32 | |
|---|
| 33 | #[ -f $LOGFILE ] && savelog -t -g adm -m 640 -u root -c 7 $LOGFILE > /dev/null |
|---|
| 34 | #[ -f $ERRORLOG ] && savelog -t -g adm -m 640 -u root -c 7 $ERRORLOG > /dev/null |
|---|
| 35 | |
|---|
| 36 | aide -c $CONFFILE --$COMMAND >$LOGFILE 2>$ERRORLOG |
|---|
| 37 | |
|---|
| 38 | (cat << EOF; |
|---|
| 39 | This is an automated report generated by the Advanced Intrusion Detection |
|---|
| 40 | Environment on $FQDN ${DATE}. |
|---|
| 41 | |
|---|
| 42 | EOF |
|---|
| 43 | if [ -s $LOGFILE ]; then |
|---|
| 44 | loglines=`wc -l $LOGFILE | awk '{ print $1 }'` |
|---|
| 45 | if [ ${loglines:=0} -gt $LINES ]; then |
|---|
| 46 | echo |
|---|
| 47 | echo "TRUNCATED (!) output of the daily AIDE run:" |
|---|
| 48 | echo "Output is $loglines lines, truncated to $LINES." |
|---|
| 49 | head -$LINES $LOGFILE |
|---|
| 50 | echo "The full output can be found in $LOGFILE." |
|---|
| 51 | else |
|---|
| 52 | echo "Output of the daily AIDE run:" |
|---|
| 53 | cat $LOGFILE |
|---|
| 54 | fi |
|---|
| 55 | else |
|---|
| 56 | echo "AIDE detected no changes." |
|---|
| 57 | fi |
|---|
| 58 | if [ -s $ERRORLOG ]; then |
|---|
| 59 | errorlines=`wc -l $ERRORLOG | awk '{ print $1 }'` |
|---|
| 60 | if [ ${errorlines:=0} -gt $LINES ]; then |
|---|
| 61 | echo "TRUNCATED (!) output of errors produced:" |
|---|
| 62 | echo "Error output is $errorlines lines, truncated to $LINES." |
|---|
| 63 | head -$LINES $ERRORLOG |
|---|
| 64 | echo "The full output can be found in $ERRORLOG." |
|---|
| 65 | else |
|---|
| 66 | echo "Errors produced:" |
|---|
| 67 | cat $ERRORLOG |
|---|
| 68 | fi |
|---|
| 69 | else |
|---|
| 70 | echo "AIDE produced no errors." |
|---|
| 71 | fi |
|---|
| 72 | ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
|---|
