X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=usr%2Fshare%2Fcarnet-upgrade%2Ffiles%2Fetc%2Fcron.daily%2Faide;fp=usr%2Fshare%2Fcarnet-upgrade%2Ffiles%2Fetc%2Fcron.daily%2Faide;h=0000000000000000000000000000000000000000;hb=5d929e88076c0d1e268525b609aead29b8a6eb00;hp=e5fa1780b7eeb42fdbd969e5b3623e16ddf65632;hpb=1f6aaec71768f001154faa03e648e9a731d2ca40;p=carnet-upgrade.git
diff --git a/usr/share/carnet-upgrade/files/etc/cron.daily/aide b/usr/share/carnet-upgrade/files/etc/cron.daily/aide
deleted file mode 100755
index e5fa178..0000000
--- a/usr/share/carnet-upgrade/files/etc/cron.daily/aide
+++ /dev/null
@@ -1,157 +0,0 @@
-#!/bin/bash
-
-PATH="/sbin:/usr/sbin:/bin:/usr/bin"
-LOGDIR="/var/log/aide"
-LOGFILE="aide.log"
-CONFFILE="/var/lib/aide/aide.conf.autogenerated"
-ERRORLOG="error.log"
-ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"`
-
-[ -f /usr/bin/aide ] || exit 0
-
-if [ -f /etc/default/aide ]; then
- . /etc/default/aide
-fi
-
-DATABASE=`grep "^database=file:/" $CONFFILE | head -1 | cut --delimiter=: --fields=2`
-FQDN=`hostname -f`
-DATE=`date +"at %Y-%m-%d %H:%M"`
-
-# default values
-
-MAILTO="${MAILTO:-root}"
-DATABASE="${DATABASE:-/var/lib/aide/aide.db}"
-LINES="${LINES:-1000}"
-COMMAND="${COMMAND:-check}"
-
-AIDEARGS="-V4"
-
-if [ ! -f $DATABASE ]; then
- (
- echo "Fatal error: The AIDE database does not exist!"
- echo "This may mean you haven't created it, or it may mean that someone has removed it."
- ) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO
- exit 0
-fi
-
-[ -f "$LOGDIR/$LOGFILE" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null
-[ -f "$LOGDIR/$ERRORLOG" ] && savelog -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null
-
-aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
-RETVAL=$?
-
-if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then
- # Bail now because there was no output and QUIETREPORTS is set
- exit 0
-fi
-
-(cat << EOF;
-This is an automated report generated by the Advanced Intrusion Detection
-Environment on $FQDN ${DATE}.
-
-EOF
-
-# include error log in daily report e-mail
-
-if [ "$RETVAL" != "0" ]; then
- cat > "$LOGDIR/$ERRORLOG" << EOF;
-
-*****************************************************************************
-* aide returned a non-zero exit value *
-*****************************************************************************
-
-EOF
- echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
-else
- touch "$LOGDIR/$ERRORLOG"
-fi
-< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG"
-rm -f "$ERRORTMP"
-
-if [ -s "$LOGDIR/$ERRORLOG" ]; then
- errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'`
- if [ ${errorlines:=0} -gt $LINES ]; then
- cat << EOF;
-
-****************************************************************************
-* aide has returned many errors. *
-* the error log output has been truncated in this mail *
-****************************************************************************
-
-EOF
- echo "Error output is $errorlines lines, truncated to $LINES."
- head -$LINES "$LOGDIR/$ERRORLOG"
- echo "The full output can be found in $LOGDIR/$ERRORLOG."
- else
- echo "Errors produced ($errorlines lines):"
- cat "$LOGDIR/$ERRORLOG"
- fi
-else
- echo "AIDE produced no errors."
-fi
-
-# include de-noised log
-
-if [ -n "$NOISE" ]; then
- NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"`
- NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"`
- sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
- grep '^\(changed\|removed\|added\):' | \
- grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2
-
- if [ -n "$NOISE" ]; then
- < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP
- rm -f $NOISETMP2
- echo "De-Noised output removes everything matching $NOISE."
- else
- mv $NOISETMP2 $NOISETMP
- echo "No noise expression was given."
- fi
-
- if [ -s "$NOISETMP" ]; then
- loglines=`< $NOISETMP wc -l | awk '{ print $1 }'`
- if [ ${loglines:=0} -gt $LINES ]; then
- cat << EOF;
-
-****************************************************************************
-* aide has returned long output which has been truncated in this mail *
-****************************************************************************
-
-EOF
- echo "De-Noised output is $loglines lines, truncated to $LINES."
- < $NOISETMP head -$LINES
- echo "The full output can be found in $LOGDIR/$LOGFILE."
- else
- echo "De-Noised output of the daily AIDE run ($loglines lines):"
- cat $NOISETMP
- fi
- else
- echo "AIDE detected no changes after removing noise."
- fi
- rm -f $NOISETMP
- echo "============================================================================"
-fi
-
-# include non-de-noised log
-
-if [ -s "$LOGDIR/$LOGFILE" ]; then
- loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'`
- if [ ${loglines:=0} -gt $LINES ]; then
- cat << EOF;
-
-****************************************************************************
-* aide has returned long output which has been truncated in this mail *
-****************************************************************************
-
-EOF
- echo "Output is $loglines lines, truncated to $LINES."
- head -$LINES "$LOGDIR/$LOGFILE"
- echo "The full output can be found in $LOGDIR/$LOGFILE."
- else
- echo "Output of the daily AIDE run ($loglines lines):"
- cat "$LOGDIR/$LOGFILE"
- fi
-else
- echo "AIDE detected no changes."
-fi
-) | /usr/bin/mail -s "Daily AIDE report for $FQDN" $MAILTO