diff --git a/aideCheck.sh b/aideCheck.sh
index 31aab0189939296cea8337b077ed1f9b0d121bd8..aedeefb02f1370da1c6c467c5e50ebd9788a612b 100644
--- a/aideCheck.sh
+++ b/aideCheck.sh
@@ -17,6 +17,14 @@ CHANGED_ALERT=1
 ADDED_ALERT=1
 # Set to 1 to run automatic aide update after execution (not recommended)
 AIDE_UPDATE=0
+# You may want to point to a specific aide configuration file, depending on your setup and distribution
+AIDE=aide
+if [ -f /etc/debian_version ]; then
+ AIDE="aide -c /etc/aide/aide.conf"
+fi
+if [ -f /etc/redhat-release ]; then
+ AIDE="aide -c /etc/aide.conf"
+fi
 # Nothing to be modified below this line
 ########################################################################
@@ -25,6 +33,7 @@ MYHOST=`hostname`
 MYIP=`hostname -i`
 ALERTRV=0
 TMP=/var/lib/aide/aideCheck.$$.txt
+AIDE="aide -c /etc/aide/aide.conf"
 umask 077
@@ -35,7 +44,11 @@ if [ $? -ne 0 ]; then
 exit 10
 fi
-aide --help 1>/dev/null 2>&1
+if [ -f /etc/devian_version ]; then
+ # aide needs explicit config
+ AIDE="aide -c /etc/aide/aide.conf "
+fi
+$AIDE --help 1>/dev/null 2>&1
 if [ $? -ne 0 ]; then
 echo "Error: you need AIDE to watch for system changes, and to setup AIDE on first use"
 echo "ex: yum install aide"
@@ -46,7 +59,7 @@ fi
 echo "AIDE check report for: $MYHOST ($MYIP)" > $TMP.mailReport
 # Run a diagonstic, this can take some time and CPU, be nice
-nice aide --check > $TMP
+nice $AIDE --check > $TMP
 # Look for issues, alert if any
 if [ $CHANGED_ALERT -eq 1 ]; then
@@ -72,7 +85,7 @@ if [ $nbLines -ne 0 ]; then
 if [ $AIDE_UPDATE -eq 1 ]; then
 echo "Running aide --update to refresh the baseline. Warning : you may miss important alerts, you should not use this setting in production" >> $TMP.mailReport
- nice aide --update 1>>$TMP.mailReport 2>&1
+ nice $AIDE --update 1>>$TMP.mailReport 2>&1
 fi
 # send the alert if needed
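Review bot: In the first hunk (`@@ -17,6 +17,14 @@`) the `-c` path is chosen from the distribution marker file rather than from the presence of the configuration file itself, so a host that has the marker but keeps its AIDE config elsewhere ends up with a path that does not exist. Testing the path directly is more robust, for example `[ -f /etc/aide/aide.conf ] && AIDE="aide -c /etc/aide/aide.conf"` and the same for `/etc/aide.conf`. The new comment could also mention that `AIDE` is expanded unquoted further down, so a configuration path containing spaces will not work.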
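Review bot: The `AIDE="aide -c /etc/aide/aide.conf"` line added after `TMP=` in the second hunk (`@@ -25,6 +33,7 @@`) runs after the per-distribution block from the first hunk and unconditionally overwrites its result. On a host where `/etc/redhat-release` exists the script would then pass `/etc/aide/aide.conf`, the path the first hunk uses for Debian, and any value an administrator set above the "Nothing to be modified below this line" marker is discarded as well. I would drop this line so that the value from the configuration section is the one actually used.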
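Review bot: The test `[ -f /etc/devian_version ]` in the third hunk (`@@ -35,7 +44,11 @@`) looks like a misspelling of `/etc/debian_version`, so this branch is presumably never taken; it also repeats the Debian case from the first hunk, with a stray trailing space inside the quoted value. I would remove these four lines and keep only `$AIDE --help 1>/dev/null 2>&1`. Because the probe now carries `-c`, a missing or unreadable configuration file may also make it fail, and the message below it ("you need AIDE ... yum install aide") would then point at the wrong cause. The `if [ $? -ne 0 ]` block that prints it continues outside the hunk.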
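Review bot: The exit status of `nice $AIDE --check > $TMP` in the fourth hunk (`@@ -46,7 +59,7 @@`) is not examined, so a run that aborts, for instance on a wrong `-c` path, is not distinguished from a clean run. The alert logic begins at the end of this hunk and continues outside it; if it only looks for change lines in `$TMP`, a failed check would be reported as "no changes", which is the wrong way for an integrity monitor to fail. I would capture the status on the next line, `AIDE_RV=$?`, then write a line to `$TMP.mailReport` and force the alert when it is 14 or higher, the range AIDE documents for errors.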