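#!/bin/bash
# $Id$
#
# script to update and rotate the AIDE database files and, optionally
# create a detached GPG signature to verify the database file
#
# The AIDE database is the reference that every integrity check compares
# the filesystem against, so it must not be modifiable without notice.
# When root has a GPG secret key, the existing database's detached
# signature is verified before it is rotated and the refreshed database
# is signed again; a verification failure aborts the update.
#
# Uses bash builtins (the original already relied on [[ and pushd), so the
# interpreter is bash rather than /bin/sh.
#
# Exit status: 0 on success, 1 on any error (missing directory or database,
# failed copy, failed signature check, aide error, failed signing).
#
# written by Vincent Danen <vdanen-at-annvix.org> 01/21/2006

set -u

readonly aide_dir=/var/lib/aide
readonly gnupg_home=/root/.gnupg
usegpg=0

# Sign only when root actually has a secret key.  GnuPG 1.x / 2.0 keep it
# in secring.gpg; GnuPG 2.1+ stores one <keygrip>.key file per key under
# private-keys-v1.d, so accept either layout (the original only knew the
# former and silently skipped signing on modern GnuPG).
if [ -f "${gnupg_home}/secring.gpg" ]; then
  usegpg=1
else
  for keyfile in "${gnupg_home}"/private-keys-v1.d/*.key; do
    if [ -f "${keyfile}" ]; then
      usegpg=1
      break
    fi
  done
fi

if [ ! -d "${aide_dir}" ]; then
  echo "The AIDE database directory ${aide_dir} does not exist!" >&2
  exit 1
fi

cd -- "${aide_dir}" || exit 1

if [ ! -f aide.db ]; then
  echo "The AIDE database does not exist, can't update!" >&2
  exit 1
fi

newfile="aide-$(hostname)-$(date +%Y%m%d-%H%M%S).db"

if [ "${usegpg}" = 1 ] && [ -f aide.db.sig ]; then
  # do an integrity check.  Any non-zero status is a failure: gpg returns 1
  # for a bad signature but 2 for "cannot verify" (missing public key,
  # unreadable file), and the original test for exactly 1 let the latter
  # case fall through and rotate an unverified database.
  if ! gpg --verify aide.db.sig aide.db; then
    echo "************************************************************" >&2
    echo "GPG signature FAILED! Your database has been tampered with!" >&2
    echo "************************************************************" >&2
    exit 1
  fi
fi

# copy the old database; if the copy fails there is no input for --update
if ! cp -av -- aide.db "${newfile}"; then
  echo "FATAL: could not copy aide.db to ${newfile}!" >&2
  exit 1
fi

# Exit codes 1-7 are AIDE's way of reporting detected changes (new, removed,
# changed files) and are expected here; higher values are real errors.
rv=0
/usr/sbin/aide --update -B "database=file:${aide_dir}/${newfile}" || rv=$?
if [ "${rv}" -gt 7 ]; then
  echo "FATAL: aide --update failed with exit status ${rv}!" >&2
  exit 1
fi

if [ "${usegpg}" = 1 ]; then
  # create the signature file for the refreshed database
  # NOTE(review): --update writes to the configured database_out; this
  # signs aide.db, so the config presumably points database_out at aide.db
  # — confirm against /etc/aide.conf.
  rm -f -- aide.db.sig
  if ! gpg --detach-sign aide.db; then
    echo "FATAL: Error occurred when creating the signature file!" >&2
    exit 1
  fi
fi

# keep the previous database compressed for later comparison
gzip -9f -- "${newfile}"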