#!/bin/bash
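# Purpose: Audit cron, installed rpms, OS and TNS configuration files against saved baselines; alert by e-mail when one changes.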
# Version: 2018.10.01
# Dependencies: inc_system.sh
######################################
# Preamble: 2018.10.01 #
######################################
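# Preamble: export everything defined from here on (set -a) and load the shared
# helper library. log, linesep, now, elapse and SysVars_show are not defined in
# this file, so they presumably come from inc_system.sh, as do DIR_LOGS, DIR_TMP
# and MAINT_WINDOW -- TODO confirm against the include.
set -a
DIR_SCRIPTS="/u01/app/scripts"
# The include is executed inside this shell with this account's privileges, so
# it and DIR_SCRIPTS should be writable only by the owning account.
# Stop if it cannot be loaded: without it DIR_LOGS is empty and the log paths
# below would resolve to the filesystem root.
source "$DIR_SCRIPTS/inc_system.sh" || {
  printf 'Cannot load %s/inc_system.sh - Exiting\n' "$DIR_SCRIPTS" >&2
  exit 1
}
sFullName=$(basename "$0")
me=${sFullName%.*}
sSLog="$DIR_LOGS/$me.sess.log"
sHLog="$DIR_LOGS/$me.hist.log"
: > "$sSLog" # every run starts with an empty session log
if [[ $MAINT_WINDOW -eq 1 ]]; then
  printf "Maintenance Window Detected - Exiting\n"
  exit
fi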
# User Vars
# Audit area: baselines (*.orig), current snapshots (*.aud) and changes/.
usrAudDir="$DIR_SCRIPTS/aud"
# Alert recipients.
#usrEmailList="michaele@sccu.com OpNetTeam@sccu.com"
usrEmailList="michaele@sccu.com"
# How many minutes before email alert sent again (inhibits email alert spam)
usrEmailDelay=30
# Directory holding tnsnames.ora and sqlnet.ora.
usrNetAdminDir="/u01/app/oracle/product/12.1.0/db_1/network/admin"
usrORACLE_SID="dnasolo"
# 1 = rebuild every baseline on this run; the command line can switch it on.
usrReset=0

# User Options (Enable\Disable): 1 enables the check, anything else skips it.
optCron=1
optRpms=1
optOSNetCfg=1
optTNSCfg=1
######################################
# Init Script Actions\Functions\Vars #
######################################
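# Timestamp suffix (YYYYMMDD_HHMM) for the before/after copies kept in changes/.
sDateSN=$(date "+%Y%m%d_%H%M")
# Flag file whose mtime records when the last alert e-mail was sent.
fLastEmail="$DIR_TMP/$me.email.flg"
# First run: back-date the flag so the first alert is mailed immediately.
[[ -f "$fLastEmail" ]] || touch -t 201712151500 "$fLastEmail"
# Audit area. The baselines live on the monitored host and are writable by the
# account that runs this script, so anyone able to change files as that account
# can also rewrite them; keep the directory closed to other users and treat the
# archived pairs in changes/ as the record to review.
# ${usrAudDir:?} aborts on an empty value instead of creating /changes.
mkdir -p "${usrAudDir:?}/changes"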
# Functions
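#######################################
# Record an alert and, at most once per usrEmailDelay minutes, e-mail it.
# Globals:   sAlertLog (appended to; not assigned in this file -- presumably
#            set by inc_system.sh, TODO confirm), fLastEmail (mtime read and
#            refreshed), usrEmailDelay, usrEmailList, HOSTNAME (read)
# Arguments: $1 - alert text
# Outputs:   "<now>,<text>" on stdout and appended to sAlertLog
#######################################
alert() {
  local msg=$1 last_sent ok_to_send
  # The text is passed as data, never as the printf format, so a '%' or '\' in
  # a reported path cannot garble the alert record.
  printf '%s,%s\n' "$(now)" "$msg" | tee -a "$sAlertLog"
  # A missing flag file counts as "never sent" instead of breaking the
  # arithmetic below.
  last_sent=$(stat -L --format %Y "$fLastEmail" 2>/dev/null) || last_sent=0
  ok_to_send=$(( ($(date +%s) - last_sent) > (usrEmailDelay * 60) ))
  if (( ok_to_send )); then
    # Refresh the throttle stamp only after the mail was handed off, so a
    # failed send is retried on the next alert instead of being suppressed.
    if mail -s "Audit Alert: $HOSTNAME" "$usrEmailList" <<< "$msg"; then
      touch "$fLastEmail"
    fi
  fi
}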
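#######################################
# Snapshot one monitored file and compare it with its saved baseline.
# Globals:   usrAudDir, sSLog, sDateSN (read)
# Arguments: $1 - path of the file to audit
#            $2 - base name of its copies: <name>.orig (baseline) and
#                 <name>.aud (current snapshot)
# Returns:   0 if unchanged or a change was recorded; 1 if the file could not
#            be snapshotted or compared
#######################################
chkFile() {
  local fSource=$1 fBaseName=$2
  local fOrig="$usrAudDir/$fBaseName.orig" fAud="$usrAudDir/$fBaseName.aud"
  local rc

  log "$sSLog" " $fSource"
  # If the snapshot fails (file removed or unreadable), a stale .aud from the
  # previous run would compare equal to the baseline and hide the problem.
  if ! cp -- "$fSource" "$fAud"; then
    alert "$fSource could not be read for audit."
    return 1
  fi
  cmp -s -- "$fOrig" "$fAud"
  rc=$?
  if (( rc == 1 )); then
    alert "$fSource changed."
    # Log Changes: keep the before/after pair for review
    cp -- "$fOrig" "$usrAudDir/changes/$fBaseName.orig.$sDateSN"
    cp -- "$fAud" "$usrAudDir/changes/$fBaseName.aud.$sDateSN"
    # Reset: the snapshot that was just compared and archived becomes the new
    # baseline. Re-reading the source here could accept a later edit that was
    # never reported.
    cp -- "$fAud" "$fOrig"
  elif (( rc > 1 )); then
    # cmp status 2 means it could not compare, typically a missing baseline.
    # Raise it instead of skipping: a deleted .orig would otherwise switch the
    # check off. No baseline is created here; that takes a run with the reset
    # argument.
    alert "$fSource not audited: baseline $fOrig missing or unreadable."
    return 1
  fi
  return 0
}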
# Process CmdLine Parameters: a first argument of exactly "1" requests a
# baseline reset; any other value leaves usrReset untouched.
case "$1" in
  1) usrReset=1 ;;
esac
######################################
# Start #
######################################
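clear
log "$sSLog" "$sFullName Started"
linesep
SysVars_show
# Heading Plus
# Values go through %s so a '%' or backslash in them is printed literally
# instead of being parsed as part of the printf format.
# NOTE(review): ORACLE_SID and ORACLE_HOME are not assigned in this file;
# presumably they come from inc_system.sh or the environment -- confirm.
printf 'ORACLE_SID: %s\n' "$ORACLE_SID"
printf 'ORACLE_HOME: %s\n' "$ORACLE_HOME"
linesep
# Echo the run settings by name so the session log shows what was enabled.
for sVarName in usrReset optCron optRpms optOSNetCfg optTNSCfg; do
  printf '%s: %s\n' "$sVarName" "${!sVarName}"
done
linesep "="
sleep 3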
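# Set\Reset Baseline Files
# A reset accepts the current state of every monitored item as known-good, so
# run it only after pending changes have been reviewed.
if [[ $usrReset -eq 1 ]]; then
  log "$sSLog" "Reseting Baseline Files..."
  mkdir -p "$usrAudDir/changes"
  # NOTE(review): last_reboot.orig is written here but not compared anywhere
  # in the visible script.
  who -b | awk '{ print $3 " " $4 }' > "$usrAudDir/last_reboot.orig"
  # Pairs of: source file, baseline name. Each baseline name has to be
  # "<base name>.orig" for the base name chkFile is given for the same file,
  # otherwise that file's comparison never finds its baseline.
  aBaseline=(
    "$HOME/.bashrc" "bashrc.orig"
    "/etc/passwd" "passwd.orig"
    "/etc/group" "group.orig"
    "/etc/hosts" "hosts.orig"
    "/etc/security/limits.conf" "limits.orig"
    "/etc/resolv.conf" "resolv.conf.orig"
    "/etc/nsswitch.conf" "nsswitch.conf.orig"
    "/etc/sysctl.conf" "sysctl.orig"
    "$usrNetAdminDir/tnsnames.ora" "tnsnames.ora.orig"
    "$usrNetAdminDir/sqlnet.ora" "sqlnet.ora.orig"
  )
  for (( i = 0; i < ${#aBaseline[@]}; i += 2 )); do
    # A failed copy leaves that file without a baseline; record it so the gap
    # is visible in the session log.
    cp -- "${aBaseline[i]}" "$usrAudDir/${aBaseline[i + 1]}" ||
      log "$sSLog" "WARNING: no baseline saved for ${aBaseline[i]}"
  done
  rpm -qa > "$usrAudDir/rpms.orig"
  crontab -l > "$usrAudDir/cron.orig"
fi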
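# optCron
# Gated on its own switch, optCron, so the crontab audit can be enabled or
# disabled independently of the OS file checks.
# Covers only the crontab of the account running this script; /etc/crontab,
# /etc/cron.d and other users' crontabs are not checked here.
if [[ $optCron -eq 1 ]]; then
  log "$sSLog" "[Checking cron]"
  crontab -l > "$usrAudDir/cron.aud"
  cmp -s -- "$usrAudDir/cron.orig" "$usrAudDir/cron.aud"
  rcCron=$?
  if (( rcCron == 1 )); then
    alert "cron changed."
    # Log Changes
    cp -- "$usrAudDir/cron.orig" "$usrAudDir/changes/cron.orig.$sDateSN"
    cp -- "$usrAudDir/cron.aud" "$usrAudDir/changes/cron.aud.$sDateSN"
    # Reset: promote the snapshot that was compared and archived. Listing the
    # crontab a second time could accept an edit made in between unreported.
    cp -- "$usrAudDir/cron.aud" "$usrAudDir/cron.orig"
  elif (( rcCron > 1 )); then
    # cmp could not compare (typically the baseline is missing); report it so
    # a removed baseline does not silently disable the check.
    alert "cron not audited: baseline $usrAudDir/cron.orig missing or unreadable."
  fi
fi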
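# optOSNetCfg
# Each call gives the monitored file and the base name of its audit copies
# (<name>.orig baseline, <name>.aud snapshot) under usrAudDir.
if [[ $optOSNetCfg -eq 1 ]]; then
  log "$sSLog" "[Checking OS Configuration]"
  chkFile "$HOME/.bashrc" "bashrc"
  chkFile "/etc/passwd" "passwd"
  chkFile "/etc/group" "group"
  chkFile "/etc/hosts" "hosts"
  chkFile "/etc/security/limits.conf" "limits"
  chkFile "/etc/resolv.conf" "resolv.conf"
  chkFile "/etc/nsswitch.conf" "nsswitch.conf"
  # Base name is "sysctl" because the reset step saves this baseline as
  # sysctl.orig. With "sysctl.conf" the comparison looks for sysctl.conf.orig,
  # which is never written, so /etc/sysctl.conf would go unchecked.
  chkFile "/etc/sysctl.conf" "sysctl"
fi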
# optTNSCfg
# Audits the two files under usrNetAdminDir; the audit base name passed to
# chkFile is the file name itself.
if [[ $optTNSCfg -eq 1 ]]; then
  log "$sSLog" "[Checking TNS Configuration]"
  for fTns in tnsnames.ora sqlnet.ora; do
    chkFile "$usrNetAdminDir/$fTns" "$fTns"
  done
fi
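# rpms
# Compares the installed-package list (rpm -qa) with the saved baseline.
if [[ $optRpms -eq 1 ]]; then
  log "$sSLog" "[Checking Installed rpms]"
  rpm -qa > "$usrAudDir/rpms.aud"
  cmp -s -- "$usrAudDir/rpms.orig" "$usrAudDir/rpms.aud"
  rcRpms=$?
  if (( rcRpms == 1 )); then
    alert "rpms changed."
    # Log Changes
    cp -- "$usrAudDir/rpms.orig" "$usrAudDir/changes/rpms.orig.$sDateSN"
    cp -- "$usrAudDir/rpms.aud" "$usrAudDir/changes/rpms.aud.$sDateSN"
    # Reset: promote the snapshot that was compared and archived. Querying rpm
    # a second time could accept a package change made in between unreported.
    cp -- "$usrAudDir/rpms.aud" "$usrAudDir/rpms.orig"
  elif (( rcRpms > 1 )); then
    # cmp could not compare (typically the baseline is missing); report it so
    # a removed baseline does not silently disable the check.
    alert "rpms not audited: baseline $usrAudDir/rpms.orig missing or unreadable."
  fi
fi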
######################################
# End #
######################################
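log "$sSLog" "$sFullName Ended [Elapse Time: $(elapse)]"
# Append this session to the history log under a separator line.
printf '%s\n' "$(linesep "=")" >> "$sHLog"
cat -- "$sSLog" >> "$sHLog"
# Keep only the newest 32768 lines. The swap happens only when tail succeeded,
# so a failed trim (for example a full disk) cannot replace the history with a
# truncated file.
tail -n 32768 -- "$sHLog" > "$sHLog.tmp" && mv -- "$sHLog.tmp" "$sHLog"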