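#!/bin/bash
# $Id$
#
# script to update and rotate the AIDE database files and, optionally
# create a detached GPG signature to verify the database file
#
# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006
#
# The script relies on bash features (pushd/popd, [[ ]]), so it is run by
# bash rather than /bin/sh.  Critical steps are checked explicitly instead
# of using `set -e`, because `aide --update` exits non-zero whenever it
# reports changes and that must not abort the run.  gpg is treated as
# failed on ANY non-zero status: it exits 2 (not 1) when the public key is
# missing or the signature file is unusable, and the old `== 1` check let
# those cases through as if the database had verified.

readonly aide_dir=/var/lib/aide
readonly aide_bin=/usr/sbin/aide
readonly gnupg_home="${GNUPGHOME:-/root/.gnupg}"

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message text
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# A secret key is only needed to *create* signatures.  secring.gpg is the
# GnuPG 1.x/2.0 secret keyring; GnuPG 2.1+ stores private keys under
# private-keys-v1.d instead, so accept either layout rather than silently
# skipping signing on newer installations.
usegpg=0
if [[ -f "${gnupg_home}/secring.gpg" || -d "${gnupg_home}/private-keys-v1.d" ]]; then
  usegpg=1
fi

[[ -d "${aide_dir}" ]] || die "The AIDE database directory ${aide_dir} does not exist!"

pushd "${aide_dir}" >/dev/null || die "Cannot change to ${aide_dir}"

[[ -f aide.db ]] || die "The AIDE database does not exist, can't update!"

# name of the rotated copy of the old database
newfile="aide-$(hostname)-$(date +%Y%m%d-%H%M%S).db"

# Verification only needs the public key, so check the signature whenever
# one is present instead of only when a signing key exists; a present but
# unverifiable signature must never be skipped.
if [[ -f aide.db.sig ]]; then
  # do an integrity check (any failure: bad signature, unknown key,
  # unreadable signature file)
  if ! gpg --verify aide.db.sig aide.db; then
    echo "************************************************************" >&2
    echo "GPG signature FAILED!  Your database has been tampered with!" >&2
    echo "************************************************************" >&2
    exit 1
  fi
fi

# copy the old database
cp -av aide.db "${newfile}" || die "Could not copy aide.db to ${newfile}"

# Read from the copy just made; the updated database is written wherever
# the AIDE configuration directs it.  The exit status is deliberately not
# checked: aide reports detected changes through a non-zero status.
"${aide_bin}" --update -B "database=file:${aide_dir}/${newfile}"

if [[ "${usegpg}" == 1 ]]; then
  # create the signature file; drop the stale one first so gpg does not
  # stop to ask whether to overwrite it
  rm -f aide.db.sig
  if ! gpg --detach-sign aide.db; then
    die "FATAL:  Error occurred when creating the signature file!"
  fi
fi

gzip -9f "${newfile}" || die "Could not compress ${newfile}"

popd >/dev/null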