From 230ff9ea7d678711dbe470980b633302671a73e6 Mon Sep 17 00:00:00 2001
From: x p k <xpk@headdesk.me>
Date: Sun, 5 Dec 2021 11:24:57 +0800
Subject: [PATCH] NEW: aide scripts

---
 sh/aide-check.sh  | 8 ++++++++
 sh/aide-update.sh | 5 +++++
 2 files changed, 13 insertions(+)
 create mode 100644 sh/aide-check.sh
 create mode 100644 sh/aide-update.sh

diff --git a/sh/aide-check.sh b/sh/aide-check.sh
new file mode 100644
index 0000000..411c80a
--- /dev/null
+++ b/sh/aide-check.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+aide --check -r file:/var/log/aide-check.log
+COUNT=$(egrep '(Added|Removed|Changed).*[0-9]' /var/log/aide-check.log | awk '{SUM+=$NF}; END {print SUM}')
+if [ $COUNT -gt 0 ]; then
+        # changes detected
+        cat /var/log/aide-check.log | mailx -s "AIDE alert" -r security@your-domain.com -- yourself@your-domain.com
+fi
+
diff --git a/sh/aide-update.sh b/sh/aide-update.sh
new file mode 100644
index 0000000..1458dfd
--- /dev/null
+++ b/sh/aide-update.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+aide -u
+mv /var/lib/aide/{aide.db.gz,aide.db.previous.gz}
+mv /var/lib/aide/{aide.db.new.gz,aide.db.gz}
+aide -C