Gentoo's Bugzilla – Attachment 147896 Details for Bug 215637: app-forensics/aide ebuild enhancements
Attachment: aide.cron (text/plain), 5.86 KB, created by Gilles Dartiguelongue (RETIRED) on 2008-03-31 20:07:06 UTC
Description: aide.cron
Flags: patch, obsolete
```bash
#!/bin/bash
# Modified: Benjamin Smee
# Date: Fri Sep 10 11:35:41 BST 2004

# This is the email address reports get mailed to
MAILTO=root@localhost

# Set this to suppress mailings when there's nothing to report
QUIETREPORTS=1

# This parameter defines which aide command to run from the cron script.
# Sensible values are "update" and "check".
# Default is "check", ensuring backwards compatibility.
# Since "update" does not take any longer, it is recommended to use "update",
# so that a new database is created every day. The new database needs to be
# manually copied over the current one, though.
COMMAND=update

# This parameter defines how many lines to return per e-mail. Output longer
# than this value will be truncated in the e-mail sent out.
LINES=1000

# This parameter gives an extended (grep -E) regular expression. If given, all
# output lines that _don't_ match the regexp are listed first in the script's
# output. This makes it easy to remove noise from the aide report.
NOISE="(/var/cache/|/var/lib/|/var/tmp)"
PATH="/bin:/usr/bin:/sbin:/usr/sbin"
LOGDIR="/var/log/aide"
LOGFILE="aide.log"
CONFFILE="/etc/aide/aide.conf"
ERRORLOG="aide_error.log"
MAILLOG="aide_mail.log"
# mktemp (coreutils) rather than tempfile (debianutils), so the script does not
# depend on debianutils; both create the file with mode 0600.
ERRORTMP=$(mktemp "/tmp/${ERRORLOG}.XXXXXX")

[ -f /usr/bin/aide ] || exit 0

DATABASE=$(grep "^database=file:/" "$CONFFILE" | head -n 1 | cut --delimiter=: --fields=2)
FQDN=$(hostname -f)
DATE=$(date +"at %Y-%m-%d %H:%M")

# default values

DATABASE="${DATABASE:-/var/lib/aide/aide.db}"

AIDEARGS="-V4"

if [ ! -f "$DATABASE" ]; then
    /usr/sbin/sendmail "$MAILTO" <<EOF
Subject: Daily AIDE report for $FQDN
From: root@${FQDN}
To: ${MAILTO}
Fatal error: The AIDE database does not exist!
This may mean you haven't created it, or it may mean that someone has removed it.
EOF
    rm -f "$ERRORTMP"
    exit 0
fi

# Removed so no deps on debianutils - strerror
#[ -f "$LOGDIR/$LOGFILE" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null
#[ -f "$LOGDIR/$ERRORLOG" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null

aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP"
RETVAL=$?

# Bail out now if there was no output at all and QUIETREPORTS is set
if [ -n "$QUIETREPORTS" ] && [ ! -s "$LOGDIR/$LOGFILE" ] && [ ! -s "$ERRORTMP" ]; then
    rm -f "$ERRORTMP"
    exit 0
fi

MAILTMP=$(mktemp "/tmp/${MAILLOG}.XXXXXX")

(
cat << EOF
This is an automated report generated by the Advanced Intrusion Detection
Environment on $FQDN ${DATE}.

EOF

# include error log in daily report e-mail

if [ "$RETVAL" != "0" ]; then
    cat > "$LOGDIR/$ERRORLOG" << EOF

*****************************************************************************
* aide returned a non-zero exit value                                       *
*****************************************************************************

EOF
    echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG"
else
    touch "$LOGDIR/$ERRORLOG"
fi
cat "$ERRORTMP" >> "$LOGDIR/$ERRORLOG"
rm -f "$ERRORTMP"

if [ -s "$LOGDIR/$ERRORLOG" ]; then
    errorlines=$(wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }')
    if [ "${errorlines:=0}" -gt "$LINES" ]; then
        cat << EOF

****************************************************************************
* aide has returned many errors.                                           *
* the error log output has been truncated in this mail                     *
****************************************************************************

EOF
        echo "Error output is $errorlines lines, truncated to $LINES."
        head -n "$LINES" "$LOGDIR/$ERRORLOG"
        echo "The full output can be found in $LOGDIR/$ERRORLOG."
    else
        echo "Errors produced ($errorlines lines):"
        cat "$LOGDIR/$ERRORLOG"
    fi
else
    echo "AIDE produced no errors."
fi

# include de-noised log

if [ -n "$NOISE" ]; then
    NOISETMP=$(mktemp "/tmp/aidenoise.XXXXXX")
    # Only the summary (everything before the detailed section) is considered,
    # and the per-directory "THERE WERE ALSO ..." lines are dropped. NOISE is an
    # extended regexp (it uses "(" and "|"), so it must be matched with grep -E;
    # with a basic-regexp grep those characters are literal and nothing is filtered.
    sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \
        grep -E '^(changed|removed|added):' | \
        grep -Ev '^added: THERE WERE ALSO [0-9]+ FILES ADDED UNDER THIS DIRECTORY' | \
        grep -Ev "^(changed|removed|added):$NOISE" > "$NOISETMP"
    echo "De-Noised output removes everything matching $NOISE."

    if [ -s "$NOISETMP" ]; then
        loglines=$(wc -l "$NOISETMP" | awk '{ print $1 }')
        if [ "${loglines:=0}" -gt "$LINES" ]; then
            cat << EOF

****************************************************************************
* aide has returned long output which has been truncated in this mail      *
****************************************************************************

EOF
            echo "De-Noised output is $loglines lines, truncated to $LINES."
            head -n "$LINES" "$NOISETMP"
            echo "The full output can be found in $LOGDIR/$LOGFILE."
        else
            echo "De-Noised output of the daily AIDE run ($loglines lines):"
            cat "$NOISETMP"
        fi
    else
        echo "AIDE detected no changes after removing noise."
    fi
    rm -f "$NOISETMP"
    echo "============================================================================"
fi

# include non-de-noised log

if [ -s "$LOGDIR/$LOGFILE" ]; then
    loglines=$(wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }')
    if [ "${loglines:=0}" -gt "$LINES" ]; then
        cat << EOF

****************************************************************************
* aide has returned long output which has been truncated in this mail      *
****************************************************************************

EOF
        echo "Output is $loglines lines, truncated to $LINES."
        head -n "$LINES" "$LOGDIR/$LOGFILE"
        echo "The full output can be found in $LOGDIR/$LOGFILE."
    else
        echo "Output of the daily AIDE run ($loglines lines):"
        cat "$LOGDIR/$LOGFILE"
    fi
else
    echo "AIDE detected no changes."
fi
) > "${MAILTMP}"

(
cat <<EOF
Subject: Daily AIDE report for $FQDN
From: root@${FQDN}
To: ${MAILTO}
EOF
cat "${MAILTMP}"
) | /usr/sbin/sendmail "$MAILTO"

rm -f "$MAILTMP"
```