imported package aide
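#!/bin/bash
#
# script to update and rotate the AIDE database files and
# create a detached GPG signature to verify the database file
#
# written by Vincent Danen <vdanen-at-annvix.org>
#
# $Id: aideupdate 6662 2007-01-13 19:06:24Z vdanen $
#
# Usage: aideupdate
#   AIDE_DIR  (optional) AIDE database directory; defaults to /var/lib/aide
#
# Flow:
#   1. refuse to run unless the current aide.db carries a detached
#      signature that verifies (an unsigned or tampered baseline must
#      never be used as the starting point for a new one)
#   2. copy aide.db to a timestamped file and run `aide --update`
#      against that copy, writing the fresh database back to aide.db
#   3. sign the fresh aide.db with the aide@<host> key; the passphrase
#      is read from the terminal with echo off and handed to gpg on
#      stdin, so it never appears on a command line or in `ps`
#   4. compress the timestamped copy
#
# Bash is required (read -s, [[ ]], (( ))); the original #!/bin/sh
# shebang was wrong for the features used.

set -u

gpg="/usr/bin/gpg"
aide="/usr/sbin/aide"
aide_dir="${AIDE_DIR:-/var/lib/aide}"
host="$(hostname)"
fname="aide-${host}-$(date +%Y%m%d-%H%M%S)"

#######################################
# Print a fatal message on stderr and exit.
# Arguments: $* - message
# Returns:   does not return; exits with status 1
#######################################
die() {
  printf '%s\n\n' "$*" >&2
  exit 1
}

#######################################
# Sign aide.db with the aide@$host key, producing aide.db.sig.
# The passphrase goes to gpg on fd 0 (--passphrase-fd takes a numeric
# descriptor; 0 is stdin).  The literal "stdin" used previously is not
# a documented value.
# NOTE(review): GnuPG 2.1+ additionally needs --pinentry-mode loopback
# for --passphrase-fd to be honoured; not added here so gpg 1.x keeps
# working - confirm against the installed gpg.
# Globals:   gpg, host (read)
# Arguments: none; must be run in the AIDE database directory
# Returns:   gpg's exit status (0 when aide.db.sig was written)
#######################################
signfile() {
  local gpgpass status
  printf '\n'
  read -r -s -p "Enter AIDE passphrase for aide@${host}: " gpgpass
  printf '\n'
  printf '%s\n' "$gpgpass" \
    | "$gpg" -u "aide@${host}" --passphrase-fd 0 --no-tty --detach-sign aide.db
  status=$?
  # do not keep the passphrase around longer than needed
  unset gpgpass
  return "$status"
}

[[ -x "$gpg" ]] || die "GPG binary ${gpg} not found or not executable!"
[[ -x "$aide" ]] || die "AIDE binary ${aide} not found or not executable!"
[[ -d "$aide_dir" ]] || die "The AIDE database directory ${aide_dir} does not exist!"

if [[ ! -d "${aide_dir}/reports" ]]; then
  printf 'Creating %s/reports to store reports\n' "$aide_dir"
  # -m applies the mode at creation time, so there is no window in which
  # the directory exists with the default (umask-derived) permissions
  mkdir -m 0700 -- "${aide_dir}/reports" \
    || die "Cannot create ${aide_dir}/reports"
fi

cd "$aide_dir" || die "Cannot change to ${aide_dir}"

[[ -f aide.db ]] || die "The AIDE database does not exist, can't update!"

if [[ ! -f aide.db.sig ]]; then
  printf "**************************************************************\n"
  printf "No GPG signature file found! Your system may be compromised\n"
  printf "or incorrectly configured! Please read man afterboot for\n"
  printf "more information on how to correctly configure AIDE on Annvix!\n"
  printf "**************************************************************\n"
  exit 1
fi

# integrity check of the current database before building on it.  Any
# non-zero status is fatal - the old test for "$? == 1" let other gpg
# failures (missing key, unreadable file, status 2) fall through and
# continue with an unverified database.
# NOTE: --verify accepts a signature from any key in the keyring; it does
# not by itself pin the signature to the aide@host key.
if ! "$gpg" --verify aide.db.sig aide.db; then
  printf "************************************************************\n"
  printf "GPG signature FAILED! Your database has been tampered with!\n"
  printf "************************************************************\n"
  exit 1
fi

# rotate: the verified old database becomes the timestamped input copy
# and aide writes the fresh database over aide.db
newfile="${fname}.db"
cp -a -- aide.db "$newfile" || die "Cannot copy aide.db to ${newfile}"

"$aide" --update -B "database=file:${aide_dir}/${newfile}" \
  -B "database_out=file:${aide_dir}/aide.db" \
  -B "report_url=file:${aide_dir}/reports/${fname}.report"
status=$?
# aide's exit status is a bitmask of detected changes (1 new, 2 removed,
# 4 changed); values above 7 are errors, meaning aide.db may not have
# been rewritten and must not be signed as if it were.
if (( status > 7 )); then
  die "FATAL: aide --update failed with status ${status}; aide.db was not signed!"
fi

# create the signature file; one retry for a mistyped passphrase
rm -f -- aide.db.sig
if ! signfile; then
  printf "No signature was created; bad passphrase? Try it again.\n\n"
  rm -f -- aide.db.sig
  signfile
fi
[[ -f aide.db.sig ]] \
  || die "FATAL: Signature was not created twice! Something is very wrong here."
printf "Database successfully signed.\n\n"

gzip -9f -- "$newfile"

exit 0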
