aidecheck

#!/bin/sh
#
# script to run aide --check and verify GPG signatures
#
# written by Vincent Danen <vdanen-at-annvix.org>
#
# $Id$

# variables
version="@pkg_version@"
hostname=`uname -n`
gpg="/usr/bin/gpg"
aide="/usr/sbin/aide"
fname="aide-`hostname`-`date +%Y%m%d-%H%M%S`"
header="AIDE+gpg - GnuPG authenticity for AIDE databases\nversion: ${version} - \$Id$\n\n"

# get the database directory
dbdir=$(egrep '^@@define DBDIR' /etc/aide.conf | awk '{print $3}')
database_file=$(egrep '^database=' /etc/aide.conf | sed "s|file:@@{DBDIR}|${dbdir}|g" | cut -d '=' -f 2)
databasenew_file=$(egrep '^database_out=' /etc/aide.conf | sed "s|file:@@{DBDIR}|${dbdir}|g" | cut -d '=' -f 2)

export GNUPGHOME=/root/.gnupg

gpg_verify() {
    if [ ! -f ${1} ]; then
        printf "**** Error: No GPG signature found for the AIDE ${2}!\n"
        printf "**** Unabel to verify; your system may be compromised or incorrectly configured!\n"
        exit 1
    fi

    printf "\nVerifying ${2}: "
    ${gpg} --verify ${1}
    if [ "$?" != "0" ]; then
        printf "************************************************************\n"
        printf "GPG signature FAILED!  Your ${2} has been tampered with!\n"
        printf "************************************************************\n"
        exit 1
    fi
}

printf "AIDE+gpg integrity check for ${hostname} beginning (`date`)\n"
if [ ! -e ${database_file} ] ; then
    printf "**** Error: AIDE database for ${hostname} not found.\n"
    printf "**** Run 'aideinit' to create the database file.\n"
else
    if [ -f /etc/aide.conf ]; then
        gpg_verify /etc/aide.conf.sig configuration
        gpg_verify ${aide}.sig binary
        pushd ${dbdir} >/dev/null
            gpg_verify ${database_file}.sig database
        popd >/dev/null
        printf "\nVerifying AIDE database...\n"
        nice -20 ${aide} --check -B "report_url=file:/var/lib/aide/reports/${fname}.report" 2>/dev/null
    fi
fi

exit 0