[Aide] Re: AIDE email scripts examples

Filip Rembiałkowski plk.zuber at gmail.com
Wed Sep 27 17:03:31 EEST 2006


2006/9/27, Chuck Amadi Systems Administrator <chuck at smtl.co.uk>:
> I am after a simple slick aide email script to place in
> my /etc/cron.daily
> I have something knocked up as below but would like to check a few
> examples.

here you are.

#!/bin/sh
#
#assumptions:
# got ssh and sudo configured on remote HOSTs
# config for HOST in aide_HOST.conf
# run it daily with ./aide.sh user@host scan
# commit changes with  ./aide.sh host commit
#
# Path of the AIDE binary on this (central) machine; push() copies it to the
# scanned host before every run.
aidebin='/sbin/aide'
# Directory on the scanned host that receives the pushed binary.
# NOTE(review): /var/tmp is normally world-writable, and init()/scan() execute
# the pushed binary through sudo. A staging directory that only the scanning
# account can write to is the safer choice - confirm what the remote hosts allow.
remotedir='/var/tmp'
#
# Print the command synopsis (one line per action) on stdout, then terminate
# the script with exit status 1.
usage() {
  printf '%s\n' \
    "Usage: $0 [user@]host init|scan|report|commit" \
    "init: scan host, save db as permanent" \
    "scan: scan host, save daily db, output the report" \
    "report: recompare, but don't scan" \
    "commit: make daily db permanent"
  exit 1
}
#
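# Report a fatal error and stop the script.
# Arguments: the message words; they are joined with single spaces.
# Outputs:   the message on stderr, nothing on stdout.
# Returns:   never returns; exits with status 1.
confess() {
  # printf with a fixed format prints the text literally. Callers embed the
  # rejected user/host name in the message, so it must not be read as an
  # echo option (-n, -e) or as an escape sequence.
  printf '%s\n' "$*" >&2
  exit 1
}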
#
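# Check that a user or host name is safe to place on an ssh/scp command line
# and inside the local file names derived from it.
# Arguments: $1 - the name to check
# Returns:   0 when the whole string is one or more of [a-zA-Z0-9_.-] and does
#            not start with '-', 1 otherwise.
valid_name() {
  # The pattern is applied to the complete string. The earlier line-based
  # grep accepted a value as soon as any one of its lines matched, so a name
  # with an embedded newline could pass. A leading '-' is refused so the
  # value can never be parsed as a command-line option.
  case $1 in
    '' | -* | *[!a-zA-Z0-9_.-]*) return 1 ;;
  esac
  return 0
}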
#
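# Copy the local AIDE binary to the staging directory on the scanned host.
# Globals:   aidebin, user_host, remotedir, host (all read)
# Arguments: optional extra scp options (init and scan pass none)
# Returns:   exits through confess when the binary is missing locally or the
#            copy fails.
push() {
  test -f "${aidebin}" || confess "aide binary (${aidebin}) missing"
  # Remove whatever is already at the destination before copying.
  # NOTE(review): remove-then-copy into a shared directory is not atomic;
  # see the remark on remotedir.
  unpush
  # Quoted so that no operand is word-split or glob-expanded locally. The
  # error text is on one line again; the mail wrap had put a newline in it.
  scp -q "$@" "${aidebin}" "${user_host}:${remotedir}" \
    || confess "cannot push aide to ${host}"
}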
#
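# Delete the pushed AIDE binary from the scanned host.
# Globals:   user_host, remotedir, host (all read)
# Arguments: optional extra ssh options (callers in this script pass none)
# Returns:   exits through confess when the remote rm fails.
unpush() {
  # The remote name is fixed to "aide", which matches the file push() creates
  # only while the basename of aidebin is "aide".
  ssh "$@" "${user_host}" rm -f "${remotedir}/aide" \
    || confess "cannot erase aide from ${host}"
}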
#
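# Build the first (permanent) database for a host.
# The config is streamed to the pushed binary over ssh and the database the
# remote run prints is stored locally as ${permanent_db}.
# Globals:   config, permanent_db, user_host, remotedir (all read)
# Arguments: extra options appended to the remote aide command line
# Returns:   status of the final unpush; exits through confess on failure.
init() {
  test -f "${config}" || confess "missing config [${config}]. init failed."
  push
  # Collect the output next to the target first. A failed or interrupted run
  # must not truncate or replace a baseline that already exists.
  local new_db="${permanent_db}.new"
  local rc=0
  ssh "${user_host}" sudo "${remotedir}/aide" --config - --init "$@" \
    < "${config}" > "${new_db}" || rc=$?
  if [ "${rc}" -eq 0 ] && mv -f "${new_db}" "${permanent_db}"; then
    unpush
    return
  fi
  rm -f "${new_db}"
  # Still remove the pushed binary from the remote host. The subshell keeps a
  # failing unpush from replacing the error reported below.
  (unpush)
  confess "init failed."
}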
#
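# Run the daily scan of a host.
# Config and permanent database are streamed to the pushed binary over ssh;
# its stdout is kept as the daily database and its stderr as the daily report.
# The report is printed (cron mails it) and both files are stored gzipped.
# Globals:   config, permanent_db, daily_db, daily_report, user_host,
#            remotedir (all read)
# Arguments: extra options appended to the remote aide command line
# Returns:   status of the final rm; exits through confess on failure.
scan() {
  test -f "${permanent_db}" || confess "scan failed. init first."
  push
  local rc=0
  cat "${config}" "${permanent_db}" \
    | ssh "${user_host}" sudo "${remotedir}/aide" --config - --update "$@" \
      > "${daily_db}" 2> "${daily_report}" || rc=$?
  if [ "${rc}" -ne 0 ]; then
    # NOTE(review): an AIDE release that signals "changes found" through a
    # non-zero exit status from --update would also end up here - confirm
    # against the installed version. The uncompressed report is left in
    # ${daily_report} for inspection.
    # Remove the pushed binary before giving up; the subshell keeps a failing
    # unpush from replacing the error reported below.
    (unpush)
    confess "scan failed."
  fi
  unpush
  # Delete the uncompressed copies only after both archives were written.
  gzip -c < "${daily_db}" > "${daily_db}.gz" \
    || confess "cannot compress ${daily_db}"
  cat < "${daily_report}"
  gzip -c < "${daily_report}" > "${daily_report}.gz" \
    || confess "cannot compress ${daily_report}"
  rm -f -- "${daily_db}" "${daily_report}"
}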
#
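# Compare the permanent database with today's stored daily database again,
# locally and without contacting the host.
# Globals:   config, permanent_db, daily_db, aidebin (all read)
# Arguments: extra options appended to the local aide command line
# Outputs:   the comparison report, stdout and stderr merged, on stdout
# Returns:   status of the final rm; exits through confess on failure.
report() {
  test -f "${permanent_db}" || confess "nothing to report. init first."
  test -f "${daily_db}.gz" || confess "nothing to report. scan first."
  # Declared separately so that a failing mktemp is not masked by "local".
  local tmpfile
  tmpfile=$(mktemp) || confess "cannot create temporary file"
  chmod 600 "${tmpfile}"
  if ! gunzip -c < "${daily_db}.gz" > "${tmpfile}"; then
    rm -f "${tmpfile}"
    confess "cannot unpack ${daily_db}.gz"
  fi
  # The mail wrap had split this command in two, so --compare was never
  # passed to aide; the continuation backslash restores the single command.
  cat "${config}" "${permanent_db}" \
    | "${aidebin}" --config - --before="database_new=file:${tmpfile}" \
      --compare "$@" 2>&1
  rm -f "${tmpfile}"
}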
#
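# Promote today's daily database to the permanent baseline.
# Every change the scan recorded becomes the accepted state, so the daily
# report should have been reviewed before this runs.
# Globals:   daily_db, permanent_db (read)
# Returns:   status of the final gunzip; exits through confess on failure.
commit() {
  test -f "${daily_db}.gz" || confess "nothing to commit today. scan first."
  # Test the archive before anything is overwritten: a damaged .gz must not
  # replace the backup or truncate the baseline.
  gzip -t < "${daily_db}.gz" \
    || confess "daily db [${daily_db}.gz] is damaged. commit aborted."
  if test -f "${permanent_db}"; then
    cp -p "${permanent_db}" "${permanent_db}.bak" \
      || confess "cannot back up [${permanent_db}]. commit aborted."
  fi
  gunzip < "${daily_db}.gz" > "${permanent_db}"
}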
#
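# Main flow: read "[user@]host action", validate the target, derive the
# per-host file names and dispatch to the action function.
date=$(date +%F)
#
# Check the argument count before shifting; "shift 2" with fewer than two
# arguments is an error and some shells abort on it without showing usage.
[ "$#" -ge 2 ] || usage
user_host=$1
action=$2
shift 2
#
[ -z "$user_host" ] && usage
[ -z "$action" ] && usage
#
# The raw argument is what ssh and scp receive, so it is checked as a whole:
# only name characters plus '@', and no leading '-' that a command could read
# as an option.
case $user_host in
  -* | *[!a-zA-Z0-9_.@-]*) confess "target [$user_host] not valid." ;;
esac
#
# Split at the first '@'. Anything after a second '@' stays in the host part
# and is then refused by valid_name, so the validated parts always add up to
# the string that is used on the command line.
case $user_host in
  *@*)
    user=${user_host%%@*}
    host=${user_host#*@}
    ;;
  *)
    user=$(whoami)
    host=$user_host
    ;;
esac
#
valid_name "$user" || confess "user name [$user] not valid."
valid_name "$host" || confess "host name [$host] not valid."
# The host name starts the daily file names, so it must not look like an option.
case $host in
  -*) confess "host name [$host] not valid." ;;
esac
#
# NOTE(review): these paths are relative to the current directory, and the
# files are created with the caller's umask. Under cron, change to a dedicated
# directory and restrict access to it, since the databases are the baseline
# that later scans are compared against.
config=aide_${host}.conf
permanent_db=aide_${host}.db
daily_db=${host}_${date}.db
daily_report=${host}_${date}.report
#
case "$action" in
  init)
    init "$@"
    ;;
  scan)
    scan "$@"
    ;;
  commit)
    commit "$@"
    ;;
  report)
    report "$@"
    ;;
  *)
    usage
    ;;
esac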

