-
Notifications
You must be signed in to change notification settings - Fork 3
/
aide_summary_to_syslog.bash
33 lines (31 loc) · 1.78 KB
/
aide_summary_to_syslog.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/bin/bash
#
# Script: aide_summary_to_syslog.bash
# Purpose: Do regular aide check for security reasons. Write summary to (remote) syslog so a central log analyzer will alert you
# How to run: Scheduled from crontab
# How to analyze: Please give Nagios Log Server a try (https://www.nagios.com/products/nagios-log-server/#benefits)
# Author: Jorgen van der Meulen (Conclusion Xforce)
#
# Version: 0.1 2015-01-20 initial creation
#==================================================
# Customize this:
THISHOST=$(hostname)
ENTRY="for ${THISHOST}. Please consult /var/log/aide/aide.log"
LOGGER_TAG=linuxaudit
# Note 1: Change syslog priorities in this script to match your needs
# Note 2: Change aide.conf to match your needs
# End customizations
/usr/bin/nice -n 19 /usr/sbin/aide --check >/dev/null 2>&1
RETVAL=$?
case $RETVAL in
0) logger -t ${LOGGER_TAG} -p authpriv.notice "$0 found no differences ${ENTRY}";;
1) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found NEW files ${ENTRY}";;
2) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found REMOVED files ${ENTRY}";;
3) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found both NEW and REMOVED files ${ENTRY}";;
4) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found CHANGED files ${ENTRY}";;
5) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found both NEW and CHANGED files ${ENTRY}";;
6) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found both REMOVED and CHANGED files ${ENTRY}";;
7) logger -t ${LOGGER_TAG} -p authpriv.warn "$0 found NEW, REMOVED and CHANGED files ${ENTRY}";;
19) logger -t ${LOGGER_TAG} -p authpriv.crit "$0 error 19: Version mismatch error ${ENTRY}";;
*) logger -t ${LOGGER_TAG} -p authpriv.crit "$0 other error ${RETVAL} ${ENTRY}";;
esac