--- /dev/null
+#!/bin/bash
+
+PATH="/sbin:/usr/sbin:/bin:/usr/bin"
+LOGDIR="/var/log/aide"
+LOGFILE="aide.log"
+CONFFILE="/var/lib/aide/aide.conf.autogenerated"
+ERRORLOG="error.log"
+ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"`
+
+[ -f /usr/bin/aide ] || exit 0
+
+if [ -f /etc/default/aide ]; then
+ . /etc/default/aide
+fi
+
+DATABASE=`grep "^database=file:/" $CONFFILE | head -1 | cut --delimiter=: --fields=2`
+FQDN=`hostname -f`
+DATE=`date +"at %Y-%m-%d %H:%M"`
+
+# default values
+
+MAILTO="${MAILTO:-root}"
+DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
+LINES="${LINES:-1000}"
+COMMAND="${COMMAND:-check}"
+
+AIDEARGS="-V4"
+
+if [ ! -f $DATABASE ]; then
+ (
+ echo "Fatal error: The AIDE database does not exist!"
+ echo "This may mean you haven't created it, or it may mean that someone has removed it."
+ ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO
+ exit 0
+fi
+
+[ -f "$LOGDIR/$LOGFILE" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null
+[ -f "$LOGDIR/$ERRORLOG" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null
+
+aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
+RETVAL=$?
+
+if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then
+ # Bail now because there was no output and QUIETREPORTS is set
+ exit 0
+fi
+
+(cat << EOF;
+This is an automated report generated by the Advanced Intrusion Detection
+Environment on $FQDN ${DATE}.
+
+EOF
+
+# include error log in daily report e-mail
+
+if [ "$RETVAL" != "0" ]; then
+ cat > "$LOGDIR/$ERRORLOG" << EOF;
+
+*****************************************************************************
+* aide returned a non-zero exit value *
+*****************************************************************************
+
+EOF
+ echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
+else
+ touch "$LOGDIR/$ERRORLOG"
+fi
+< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG"
+rm -f "$ERRORTMP"
+
+if [ -s "$LOGDIR/$ERRORLOG" ]; then
+ errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'`
+ if [ ${errorlines:=0} -gt $LINES ]; then
+ cat << EOF;
+
+****************************************************************************
+* aide has returned many errors. *
+* the error log output has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Error output is $errorlines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$ERRORLOG"
+ echo "The full output can be found in $LOGDIR/$ERRORLOG."
+ else
+ echo "Errors produced ($errorlines lines):"
+ cat "$LOGDIR/$ERRORLOG"
+ fi
+else
+ echo "AIDE produced no errors."
+fi
+
+# include de-noised log
+
+if [ -n "$NOISE" ]; then
+ NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"`
+ sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
+ grep '^\(changed\|removed\|added\):' | \
+ grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2
+
+ if [ -n "$NOISE" ]; then
+ < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP
+ rm -f $NOISETMP2
+ echo "De-Noised output removes everything matching $NOISE."
+ else
+ mv $NOISETMP2 $NOISETMP
+ echo "No noise expression was given."
+ fi
+
+ if [ -s "$NOISETMP" ]; then
+ loglines=`< $NOISETMP wc -l | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF;
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "De-Noised output is $loglines lines, truncated to $LINES."
+ < $NOISETMP head -$LINES
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "De-Noised output of the daily AIDE run ($loglines lines):"
+ cat $NOISETMP
+ fi
+ else
+ echo "AIDE detected no changes after removing noise."
+ fi
+ rm -f $NOISETMP
+ echo "============================================================================"
+fi
+
+# include non-de-noised log
+
+if [ -s "$LOGDIR/$LOGFILE" ]; then
+ loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'`
+ if [ ${loglines:=0} -gt $LINES ]; then
+ cat << EOF;
+
+****************************************************************************
+* aide has returned long output which has been truncated in this mail *
+****************************************************************************
+
+EOF
+ echo "Output is $loglines lines, truncated to $LINES."
+ head -$LINES "$LOGDIR/$LOGFILE"
+ echo "The full output can be found in $LOGDIR/$LOGFILE."
+ else
+ echo "Output of the daily AIDE run ($loglines lines):"
+ cat "$LOGDIR/$LOGFILE"
+ fi
+else
+ echo "AIDE detected no changes."
+fi
+) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO
projects / carnet-upgrade.git / blobdiff