update

aideCheck.sh

@@ -34,7 +34,7 @@ AIDE=$AIDE_BIN$AIDE_CONF
 # Nothing to be modified below this line
 ########################################################################
 VERSION=20200501
-MYHOST=`hostname`
+MYHOST=`hostname -f`
 MYIP=`hostname -i`
 ALERTRV=0
 TMP=/var/lib/aide/aideCheck.$$.txt
@@ -62,23 +62,22 @@ echo "aideCheck.sh has sent you and AIDE report for: $MYHOST ($MYIP)" > $TMP.mai
 echo " ">> $TMP.mailReport
 
 # Run a diagonstic, this can take some time and CPU, be nice
-nice $AIDE --check > $TMP
+nice $AIDE --check 1>$TMP 2>&1
 
 # Look for issues, alert if any
 if [ $CHANGED_ALERT -eq 1 ]; then
-  cat $TMP |grep -e "^changed:" > $TMP.aideFail.changed
+  cat $TMP | grep -e "^changed:" > $TMP.aideFail.changed
   touch $TMP.aideFail.changed
   nbLinesChanged=`wc -l $TMP.aideFail.changed | awk '{print $1}'`
 fi
 if [ $ADDED_ALERT -eq 1 ]; then
-  cat $TMP |grep -e "^added:" > $TMP.aideFail.added
+  cat $TMP | grep -e "^added:" > $TMP.aideFail.added
   touch $TMP.aideFail.added
   nbLinesAdded=`wc -l $TMP.aideFail.added | awk '{print $1}'`
 fi
 
-touch $TMP.aideFail
 nbLines=`expr $nbLinesAdded + $nbLinesChanged`
-if [ $nbLines -ne 0 ]; then
+if [ $nbLines -gt 0 ]; then
   ALERTRV=1
   echo "You may want to look at this summary, and attached full report:" >> $TMP.mailReport
   echo "============================================================" >> $TMP.mailReport
@@ -93,12 +92,14 @@ if [ $nbLines -ne 0 ]; then
 
   if [ $AIDE_UPDATE -eq 1 ]; then
     echo " "  >> $TMP.mailReport
-    echo "Running aide --update to refresh the baseline. Warning : you may miss important alerts, you should not use this setting in production" >> $TMP.mailReport
-    nice $AIDE $AIDE_UPDATE_OPTS 1>>$TMP.mailReport 2>&1
+    echo "Running aide database update to refresh the baseline. Warning: you may miss important alerts, you should not use this setting in production" >> $TMP.mailReport
+    echo "============================================================" >> $TMP
+    echo "aideCheck.sh running a database update:" >> $TMP
+    nice $AIDE $AIDE_UPDATE_OPTS 1>>$TMP 2>&1
     if [ ! -f $AIDE_DB ] || [ ! -f $AIDE_DBNEW ]; then
-      echo "Can't update databse, current or new update missing"  >> $TMP.mailReport
+      echo "Error: can't update databse, current or new update missing"  >> $TMP.mailReport
     else
-      mv -v -f $AIDE_DBNEW $AIDE_DB 1>> $TMP.mailReport 2>&1
+      mv -v -f $AIDE_DBNEW $AIDE_DB 1>>$TMP 2>&1
       if [ $? -ne 0 ]; then
         echo "Error: can't swap old and new database"  >> $TMP.mailReport
       fi
@@ -110,13 +111,12 @@ if [ $nbLines -ne 0 ]; then
   echo " "  >> $TMP.mailReport
   echo "=END=v$VERSION==============================================" >> $TMP.mailReport
 
-  cat $TMP.mailReport
-
-
   # send the alert if needed
   if [ "x$MAIL\x" != "x\x" ]; then
     cat $TMP.mailReport | mutt -a $TMP -s "[aideCheck.sh] Alert for $MYHOST, suspicious changes detected" -- $MAIL
   fi
+else
+  echo "Nothing changed"
 fi
 
 rm -f $TMP $TMP.mailReport $TMP.aideFail $TMP.aideFail.added $TMP.aideFail.changed