|
Lines 29-34
Link Here
|
| 29 |
LOGFILE="aide.log" |
29 |
LOGFILE="aide.log" |
| 30 |
CONFFILE="/etc/aide/aide.conf" |
30 |
CONFFILE="/etc/aide/aide.conf" |
| 31 |
ERRORLOG="aide_error.log" |
31 |
ERRORLOG="aide_error.log" |
|
|
32 |
MAILLOG="aide_mail.log" |
| 32 |
ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` |
33 |
ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` |
| 33 |
|
34 |
|
| 34 |
[ -f /usr/bin/aide ] || exit 0 |
35 |
[ -f /usr/bin/aide ] || exit 0 |
|
Lines 44-53
Link Here
|
| 44 |
AIDEARGS="-V4" |
45 |
AIDEARGS="-V4" |
| 45 |
|
46 |
|
| 46 |
if [ ! -f $DATABASE ]; then |
47 |
if [ ! -f $DATABASE ]; then |
| 47 |
( |
48 |
/usr/sbin/sendmail $MAILTO <<EOF |
| 48 |
echo "Fatal error: The AIDE database does not exist!" |
49 |
Subject: Daily AIDE report for $FQDN |
| 49 |
echo "This may mean you haven't created it, or it may mean that someone has removed it." |
50 |
From: root@${FQDN} |
| 50 |
) | /bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
51 |
To: ${MAILTO} |
|
|
52 |
Fatal error: The AIDE database does not exist! |
| 53 |
This may mean you haven't created it, or it may mean that someone has removed it. |
| 54 |
EOF |
| 51 |
exit 0 |
55 |
exit 0 |
| 52 |
fi |
56 |
fi |
| 53 |
|
57 |
|
|
Lines 63-69
Link Here
|
| 63 |
exit 0 |
67 |
exit 0 |
| 64 |
fi |
68 |
fi |
| 65 |
|
69 |
|
| 66 |
(cat << EOF; |
70 |
MAILTMP=`tempfile --directory "/tmp" --prefix "$MAILLOG"` |
|
|
71 |
|
| 72 |
(cat << EOF |
| 67 |
This is an automated report generated by the Advanced Intrusion Detection |
73 |
This is an automated report generated by the Advanced Intrusion Detection |
| 68 |
Environment on $FQDN ${DATE}. |
74 |
Environment on $FQDN ${DATE}. |
| 69 |
|
75 |
|
|
Lines 72-78
Link Here
|
| 72 |
# include error log in daily report e-mail |
78 |
# include error log in daily report e-mail |
| 73 |
|
79 |
|
| 74 |
if [ "$RETVAL" != "0" ]; then |
80 |
if [ "$RETVAL" != "0" ]; then |
| 75 |
cat > "$LOGDIR/$ERRORLOG" << EOF; |
81 |
cat > "$LOGDIR/$ERRORLOG" << EOF |
| 76 |
|
82 |
|
| 77 |
***************************************************************************** |
83 |
***************************************************************************** |
| 78 |
* aide returned a non-zero exit value * |
84 |
* aide returned a non-zero exit value * |
|
Lines 89-95
Link Here
|
| 89 |
if [ -s "$LOGDIR/$ERRORLOG" ]; then |
95 |
if [ -s "$LOGDIR/$ERRORLOG" ]; then |
| 90 |
errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` |
96 |
errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` |
| 91 |
if [ ${errorlines:=0} -gt $LINES ]; then |
97 |
if [ ${errorlines:=0} -gt $LINES ]; then |
| 92 |
cat << EOF; |
98 |
cat << EOF |
| 93 |
|
99 |
|
| 94 |
**************************************************************************** |
100 |
**************************************************************************** |
| 95 |
* aide has returned many errors. * |
101 |
* aide has returned many errors. * |
|
Lines 129-135
Link Here
|
| 129 |
if [ -s "$NOISETMP" ]; then |
135 |
if [ -s "$NOISETMP" ]; then |
| 130 |
loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` |
136 |
loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` |
| 131 |
if [ ${loglines:=0} -gt $LINES ]; then |
137 |
if [ ${loglines:=0} -gt $LINES ]; then |
| 132 |
cat << EOF; |
138 |
cat << EOF |
| 133 |
|
139 |
|
| 134 |
**************************************************************************** |
140 |
**************************************************************************** |
| 135 |
* aide has returned long output which has been truncated in this mail * |
141 |
* aide has returned long output which has been truncated in this mail * |
|
Lines 155-161
Link Here
|
| 155 |
if [ -s "$LOGDIR/$LOGFILE" ]; then |
161 |
if [ -s "$LOGDIR/$LOGFILE" ]; then |
| 156 |
loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` |
162 |
loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` |
| 157 |
if [ ${loglines:=0} -gt $LINES ]; then |
163 |
if [ ${loglines:=0} -gt $LINES ]; then |
| 158 |
cat << EOF; |
164 |
cat << EOF |
| 159 |
|
165 |
|
| 160 |
**************************************************************************** |
166 |
**************************************************************************** |
| 161 |
* aide has returned long output which has been truncated in this mail * |
167 |
* aide has returned long output which has been truncated in this mail * |
|
Lines 172-175
Link Here
|
| 172 |
else |
178 |
else |
| 173 |
echo "AIDE detected no changes." |
179 |
echo "AIDE detected no changes." |
| 174 |
fi |
180 |
fi |
| 175 |
) | /bin/mail -s "Daily AIDE report for $FQDN" $MAILTO |
181 |
) > ${MAILTMP} |
|
|
182 |
|
| 183 |
( |
| 184 |
cat <<EOF |
| 185 |
Subject: Daily AIDE report for $FQDN |
| 186 |
From: root@${FQDN} |
| 187 |
To: ${MAILTO} |
| 188 |
EOF |
| 189 |
cat ${MAILTMP} |
| 190 |
) | /usr/sbin/sendmail $MAILTO |
| 191 |
|
| 192 |
rm -f "$MAILTMP" |
