|
|
LOGFILE="aide.log" | LOGFILE="aide.log" |
CONFFILE="/etc/aide/aide.conf" | CONFFILE="/etc/aide/aide.conf" |
ERRORLOG="aide_error.log" | ERRORLOG="aide_error.log" |
|
MAILLOG="aide_mail.log" |
ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` | ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` |
| |
[ -f /usr/bin/aide ] || exit 0 | [ -f /usr/bin/aide ] || exit 0 |
|
|
AIDEARGS="-V4" | AIDEARGS="-V4" |
| |
if [ ! -f $DATABASE ]; then | if [ ! -f $DATABASE ]; then |
( |
/usr/sbin/sendmail $MAILTO <<EOF |
echo "Fatal error: The AIDE database does not exist!" |
Subject: Daily AIDE report for $FQDN |
echo "This may mean you haven't created it, or it may mean that someone has removed it." |
From: root@${FQDN} |
) | /bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
To: ${MAILTO} |
|
Fatal error: The AIDE database does not exist! |
|
This may mean you haven't created it, or it may mean that someone has removed it. |
|
EOF |
exit 0 | exit 0 |
fi | fi |
| |
|
|
exit 0 | exit 0 |
fi | fi |
| |
(cat << EOF; |
MAILTMP=`tempfile --directory "/tmp" --prefix "$MAILLOG"` |
|
|
|
(cat << EOF |
This is an automated report generated by the Advanced Intrusion Detection | This is an automated report generated by the Advanced Intrusion Detection |
Environment on $FQDN ${DATE}. | Environment on $FQDN ${DATE}. |
| |
|
|
# include error log in daily report e-mail | # include error log in daily report e-mail |
| |
if [ "$RETVAL" != "0" ]; then | if [ "$RETVAL" != "0" ]; then |
cat > "$LOGDIR/$ERRORLOG" << EOF; |
cat > "$LOGDIR/$ERRORLOG" << EOF |
| |
***************************************************************************** | ***************************************************************************** |
* aide returned a non-zero exit value * | * aide returned a non-zero exit value * |
|
|
if [ -s "$LOGDIR/$ERRORLOG" ]; then | if [ -s "$LOGDIR/$ERRORLOG" ]; then |
errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` | errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` |
if [ ${errorlines:=0} -gt $LINES ]; then | if [ ${errorlines:=0} -gt $LINES ]; then |
cat << EOF; |
cat << EOF |
| |
**************************************************************************** | **************************************************************************** |
* aide has returned many errors. * | * aide has returned many errors. * |
|
|
if [ -s "$NOISETMP" ]; then | if [ -s "$NOISETMP" ]; then |
loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` | loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` |
if [ ${loglines:=0} -gt $LINES ]; then | if [ ${loglines:=0} -gt $LINES ]; then |
cat << EOF; |
cat << EOF |
| |
**************************************************************************** | **************************************************************************** |
* aide has returned long output which has been truncated in this mail * | * aide has returned long output which has been truncated in this mail * |
|
|
if [ -s "$LOGDIR/$LOGFILE" ]; then | if [ -s "$LOGDIR/$LOGFILE" ]; then |
loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` | loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` |
if [ ${loglines:=0} -gt $LINES ]; then | if [ ${loglines:=0} -gt $LINES ]; then |
cat << EOF; |
cat << EOF |
| |
**************************************************************************** | **************************************************************************** |
* aide has returned long output which has been truncated in this mail * | * aide has returned long output which has been truncated in this mail * |
|
|
else | else |
echo "AIDE detected no changes." | echo "AIDE detected no changes." |
fi | fi |
) | /bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
) > ${MAILTMP} |
|
|
|
( |
|
cat <<EOF |
|
Subject: Daily AIDE report for $FQDN |
|
From: root@${FQDN} |
|
To: ${MAILTO} |
|
EOF |
|
cat ${MAILTMP} |
|
) | /usr/sbin/sendmail $MAILTO |
|
|
|
rm -f "$MAILTMP" |
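Review bot: The new sendmail path leaves `${MAILTMP}` unquoted in both the `) > ${MAILTMP}` redirection and the later `cat ${MAILTMP}`, and passes `$MAILTO` unquoted to `/usr/sbin/sendmail`, so a temp-file name or recipient value containing whitespace is word-split before it reaches the command; write `) > "${MAILTMP}"`, `cat "${MAILTMP}"` and `| /usr/sbin/sendmail "$MAILTO"` (if `MAILTO` is intended to carry several addresses, confirm sendmail accepts them as one comma-separated argument, otherwise hold them in an array). The `MAILTMP` file created by the `tempfile` call is only removed by the final `rm -f "$MAILTMP"` on the normal path, so any early exit in between leaves it behind under /tmp; a `trap 'rm -f -- "$MAILTMP" "$ERRORTMP"' EXIT` placed right after the `tempfile` calls would cover every exit path, since no cleanup for `$ERRORTMP` is visible in this section either. The header heredoc interpolates `$FQDN` and `${MAILTO}` directly into `Subject:`, `From:` and `To:`; both appear to come from the script's own configuration rather than untrusted input, so this is a hardening note rather than a defect, but a comment such as `# FQDN and MAILTO come from the config file and are inserted unchanged into the mail headers` would make that assumption explicit. `DATABASE`, `MAILTO`, `FQDN`, `LINES`, `LOGDIR` and `DATE` are all defined outside the visible section, as is the start of the script.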