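#!/bin/bash
#
# script to update and rotate the AIDE database files and
# create a detached GPG signature to verify the database file
#
# written by Vincent Danen <vdanen-at-annvix.org>
#
# $Id: aideupdate 6662 2007-01-13 19:06:24Z vdanen $
#
# Flow:
#   1. refuse to run unless /var/lib/aide, aide.db and aide.db.sig exist
#   2. verify the detached signature on the current aide.db
#   3. keep a dated copy of the verified database
#   4. run `aide --update`, which writes the new database over aide.db
#   5. sign the new aide.db with the aide@<host> key (one retry on failure)
#   6. gzip the dated copy
#
# The shebang is bash on purpose: the script uses `read -s -p`, which is not
# POSIX sh.  (Under dash the original `pushd` failed silently and the rest of
# the script ran in the wrong directory.)
#
# Usage: aideupdate        (no arguments; prompts for the signing passphrase)

# Abort on an unset variable; -e is deliberately not used because aide's
# exit status is non-zero whenever it reports changes, not only on errors.
set -u

readonly gpg="/usr/bin/gpg"
readonly aide="/usr/sbin/aide"
readonly aidedir="/var/lib/aide"
host="$(hostname)"
readonly host
fname="aide-${host}-$(date +%Y%m%d-%H%M%S)"
readonly fname

#######################################
# Verify the detached signature aide.db.sig against aide.db.
# Globals:  gpg (read)
# Outputs:  gpg's own verification output; a banner on failure
# Returns:  0 on a good signature; exits 1 otherwise
#######################################
verify_db() {
  # Name the data file explicitly instead of relying on gpg stripping ".sig".
  # Any non-zero status is treated as a failure: gpg exits 1 for a bad
  # signature but 2 for other problems (missing key, unreadable file), and
  # the original `== 1` test let those through as if the database were fine.
  # NOTE(review): this still accepts a valid signature from *any* key in the
  # keyring, not only aide@<host>; pin the signing key (e.g. via --status-fd)
  # if the keyring can hold other keys.
  if ! "${gpg}" --batch --verify aide.db.sig aide.db; then
    printf "************************************************************\n"
    printf "GPG signature FAILED! Your database has been tampered with!\n"
    printf "************************************************************\n"
    exit 1
  fi
}

#######################################
# Prompt for the aide@<host> passphrase and write a detached signature of
# aide.db to aide.db.sig.
# Globals:  gpg, host (read)
# Outputs:  passphrase prompt on the terminal; an error line on failure
# Returns:  gpg's exit status (0 on success)
#######################################
signfile() {
  local gpgpass rv
  printf "\n"
  # -r so backslashes in the passphrase are taken literally
  read -r -s -e -p "Enter AIDE passphrase for aide@${host}: " gpgpass
  printf "\n"
  # The passphrase is handed to gpg on fd 0, never on argv, so it does not
  # appear in the process list.  printf '%s' avoids echo's option and escape
  # handling for passphrases starting with '-' or containing backslashes.
  printf '%s\n' "${gpgpass}" | "${gpg}" --batch --no-tty -u "aide@${host}" \
    --passphrase-fd 0 --detach-sign aide.db
  rv=$?
  unset gpgpass
  if [ "${rv}" -ne 0 ]; then
    printf "FATAL: Error occurred when creating the signature file!\n\n"
  fi
  return "${rv}"
}

if [ ! -d "${aidedir}" ]; then
  printf "The AIDE database directory /var/lib/aide does not exist!\n\n"
  exit 1
fi

if [ ! -d "${aidedir}/reports" ]; then
  printf "Creating /var/lib/aide/reports to store reports\n"
  # reports list every file AIDE saw change; keep them readable by root only
  mkdir "${aidedir}/reports" || exit 1
  chmod 0700 "${aidedir}/reports" || exit 1
fi

cd "${aidedir}" || exit 1

if [ ! -f aide.db ]; then
  printf "The AIDE database does not exist, can't update!\n\n"
  exit 1
fi

if [ ! -f aide.db.sig ]; then
  printf "**************************************************************\n"
  printf "No GPG signature file found! Your system may be compromised\n"
  printf "or incorrectly configured! Please read man afterboot for\n"
  printf "more information on how to correctly configure AIDE on Annvix!\n"
  printf "**************************************************************\n"
  exit 1
fi

# do an integrity check before trusting aide.db as the baseline
verify_db

# keep a dated copy of the verified database; -a preserves its mtime, which
# the freshness check after aide --update relies on
readonly newfile="${fname}.db"
cp -a aide.db "${newfile}" || exit 1

# Read the verified copy, write the new database to aide.db and the report
# under reports/.  aide's exit status also encodes "changes were found", so
# it is not used as a failure flag here.
"${aide}" --update -B "database=file:${aidedir}/${newfile}" \
  -B "database_out=file:${aidedir}/aide.db" \
  -B "report_url=file:${aidedir}/reports/${fname}.report"

# If aide did not rewrite aide.db, its mtime still equals the copy's (cp -a),
# and signing would re-sign the old database while claiming an update.
if [ ! -f aide.db ] || [ ! aide.db -nt "${newfile}" ]; then
  printf "FATAL: aide --update did not write a new aide.db; not signing.\n\n"
  exit 1
fi

# create the signature file; the old one belongs to the old database
rm -f aide.db.sig
if ! signfile || [ ! -f aide.db.sig ]; then
  printf "No signature was created; bad passphrase? Try it again.\n\n"
  signfile
fi
if [ ! -f aide.db.sig ]; then
  printf "FATAL: Signature was not created twice! Something is very wrong here.\n\n"
  exit 1
fi
printf "Database successfully signed.\n\n"

gzip -9f "${newfile}"

exit 0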