Bug#406206: [Pkg-aide-maintainers] Bug#406206: aide: AIDE cronjob gives 'onexit: command not found' error
tags #406206 confirmed pending thanks On Fri, Jan 12, 2007 at 05:33:42PM +0100, Marc Haber wrote: That version was still buggy. New version attached. This one seems to work reasonably well. Committed to svn. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#406206: [Pkg-aide-maintainers] Bug#406206: aide: AIDE cronjob gives 'onexit: command not found' error
On Thu, Jan 11, 2007 at 01:42:02PM +0100, Marc Haber wrote:
Addressing this issue was a little harder than actually expected and
resulted in a major refactoring of the daily cron job code. Can you
please try with the attached new cron script which I have commited to
svn?
That version was still buggy. New version attached.
Greetings
Marc
--
-
Marc Haber | I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
#!/bin/bash
set -e
set -C
# trap handler
traphandler() {
trap - INT ERR
if [ -n ${LOCKED:-} ]; then
# we have the lock,
pidof aide | xargs --no-run-if-empty kill -9
fi
onexit signal $1
return 0
}
trap ' traphandler INT; trap - INT ERR' INT
trap ' traphandler ERR; trap - INT ERR' ERR
# bail if no aide binary found
[ -f /usr/bin/aide ] || exit 0
# default variables
PATH=/sbin:/usr/sbin:/bin:/usr/bin
LOGDIR=/var/log/aide
# LOGFILE: /var/log/aide/aide.log - all logs untruncated (not temp)
LOGFILE=$LOGDIR/aide.log
CONFFILE=/var/lib/aide/aide.conf.autogenerated
PREFIX=aide
TMPBASE=/var/run/aide
LOCKFILE=$TMPBASE/cron.daily.lock
TMPDIRIN=$TMPBASE/cron.daily
AIDEARGS=-V4
FQDN=$(hostname -f)
MAILSUBJ=Daily AIDE report for $FQDN
DATE=$(date +%Y-%m-%d %H:%M)
BEGINSTAMP=$(date +%Y-%m-%d %H:%M:%S)
# have /etc/default/aide override variables
if [ -f /etc/default/aide ]; then
. /etc/default/aide
fi
# from here on, we're going to bail on unbound variables
set -u
# umask
umask 077
# grep aide configuration data from aide config
DATABASE=$( $CONFFILE grep ^database=file:/ | head -n 1 | cut
--delimiter=: --fields=2)
DATABASE_OUT=$( $CONFFILE grep ^database_out=file:/ | head -n 1 | cut
--delimiter=: --fields=2)
# default values
MAILTO=${MAILTO:-root}
eval MAILTO=$MAILTO
DATABASE=${DATABASE:-/var/lib/aide/aide.db}
LINES=${LINES:-1000}
COMMAND=${COMMAND:-check}
COPYNEWDB=${COPYNEWDB:-no}
QUIETREPORTS=${QUIETREPORTS:-no}
ONEXIT=
# functions
mytempfile() {
NAME=$1
echo $TMPDIR/$NAME
touch $TMPDIR/$NAME
}
frame() {
WIDTH=78
STARS=***
SPACES=
printf %s\n ${STARS:1:$WIDTH}
while read line ; do
HALF=${SPACES:1:$((($WIDTH-${#line})/2))}
LINE=$HALF$line$SPACES
printf *%s*\n ${LINE:1:$(($WIDTH-2))}
done
printf %s\n ${STARS:1:$WIDTH}
}
onexit() {
if [ $ONEXIT = running ]; then
return 1
fi
ONEXIT=running
local LOGHEAD
local MAILHEAD
case $1 in
signal)
LOGHEAD=$(printf terminated with signal %s $2)
MAILHEAD=$(printf The cron job was terminated with signal %s
$2)
;;
fatal)
LOGHEAD=$(printf terminated by fatal error.)
MAILHEAD=$(printf The cron job was terminated by a fatal
error.)
;;
nolock)
LOGHEAD=$(printf terminated because lock %s could not be
obtaiend. $LOCKFILE)
MAILHEAD=$(printf The cron job was terminated because lock %s
could not be obtained. $LOCKFILE)
;;
cantmovetmp)
LOGHEAD=$(printf terminated: Cannot move away %s.
$TMPDIRIN)
MAILHEAD=$(printf The cron job was terminated: Cannot move
away %s. $TMPDIRIN)
;;
cantcreatetmp)
LOGHEAD=$(printf terminated: Cannot create temporary
directory %s. $TMPDIRIN)
MAILHEAD=$(printf The cron job was terminated: Cannot create
temporary directory %s. $TMPDIRIN)
;;
success)
;;
*)
LOGHEAD=$(printf wrong parameter (\%s\) to onexit. $1)
MAILHEAD=$(printf The cron job was terminated for unknown
reasons, and a wrong parameter (\%s\)was given to onexit. $1)
;;
esac
if [ -z ${TMPDIR:-} ] || [ -z ${MAILFILE:-} ]; then
# we are being called so early that we are not yet fully initialized
# LOGHEAD goes to syslog instead of LOGFILE since we do not know
# what's up with LOGFILE
logger -t aide-cron-daily $LOGHEAD
echo $MAILHEAD | /usr/bin/mail -s premature termination - $MAILSUBJ
$MAILTO
else
# we are being called after the cron job was properly set up.
# To the full works.
[ -f $LOGFILE ] savelog -t -g adm -m 640 -u root -c 7 $LOGFILE
/dev/null
printf $MAILFILE \
This is an automated report generated by the Advanced Intrusion Detection
Environment on %s started at %s.\n\n $FQDN $BEGINSTAMP
printf $LOGFILE \
aide run on %s started at %s.\n $FQDN $BEGINSTAMP
if [ -n $LOGHEAD ]; then
printf $LOGHEAD\n | frame $LOGFILE
printf \n $LOGFILE
Bug#406206: [Pkg-aide-maintainers] Bug#406206: aide: AIDE cronjob gives 'onexit: command not found' error
Addressing this issue was a little harder than actually expected and
resulted in a major refactoring of the daily cron job code. Can you
please try with the attached new cron script which I have commited to
svn?
Greetings
Marc
--
-
Marc Haber | I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
#!/bin/bash
set -e
set -C
# trap handler
traphandler() {
trap - INT ERR
if [ -n ${LOCKED:-} ]; then
# we have the lock,
pidof aide | xargs --no-run-if-empty kill -9
fi
onexit signal $1
return 0
}
trap ' traphandler INT; trap - INT ERR' INT
trap ' traphandler ERR; trap - INT ERR' ERR
# bail if no aide binary found
[ -f /usr/bin/aide ] || exit 0
# default variables
PATH=/sbin:/usr/sbin:/bin:/usr/bin
LOGDIR=/var/log/aide
LOGFILE=$LOGDIR/aide.log
CONFFILE=/var/lib/aide/aide.conf.autogenerated
PREFIX=aide
TMPBASE=/var/run/aide
LOCKFILE=$TMPBASE/cron.daily.lock
TMPDIRIN=$TMPBASE/cron.daily
AIDEARGS=-V4
FQDN=$(hostname -f)
MAILSUBJ=Daily AIDE report for $FQDN
DATE=$(date +%Y-%m-%d %H:%M)
# have /etc/default/aide override variables
if [ -f /etc/default/aide ]; then
. /etc/default/aide
fi
# from here on, we're going to bail on unbound variables
set -u
# umask
umask 077
# grep aide configuration data from aide config
DATABASE=$( $CONFFILE grep ^database=file:/ | head -n 1 | cut
--delimiter=: --fields=2)
DATABASE_OUT=$( $CONFFILE grep ^database_out=file:/ | head -n 1 | cut
--delimiter=: --fields=2)
# default values
MAILTO=${MAILTO:-root}
eval MAILTO=$MAILTO
DATABASE=${DATABASE:-/var/lib/aide/aide.db}
LINES=${LINES:-1000}
COMMAND=${COMMAND:-check}
COPYNEWDB=${COPYNEWDB:-no}
QUIETREPORTS=${QUIETREPORTS:-no}
ONEXIT=
# functions
mytempfile() {
NAME=$1
echo $TMPDIR/$NAME
touch $TMPDIR/$NAME
}
frame() {
WIDTH=78
STARS=***
SPACES=
printf %s\n ${STARS:1:$WIDTH}
while read line ; do
HALF=${SPACES:1:$((($WIDTH-${#line})/2))}
LINE=$HALF$line$SPACES
printf *%s*\n ${LINE:1:$(($WIDTH-2))}
done
printf %s\n ${STARS:1:$WIDTH}
}
onexit() {
if [ $ONEXIT = running ]; then
return 1
fi
ONEXIT=running
local LOGHEAD
local MAILHEAD
case $1 in
signal)
LOGHEAD=$(printf terminated with signal %s $2)
MAILHEAD=$(printf The cron job was terminated with signal %s
$2)
;;
fatal)
LOGHEAD=$(printf terminated by fatal error.)
MAILHEAD=$(printf The cron job was terminated by a fatal
error.)
;;
nolock)
LOGHEAD=$(printf terminated because lock %s could not be
obtaiend. $LOCKFILE)
MAILHEAD=$(printf The cron job was terminated because lock %s
could not be obtained. $LOCKFILE)
;;
cantmovetmp)
LOGHEAD=$(printf terminated: Cannot move away %s.
$TMPDIRIN)
MAILHEAD=$(printf The cron job was terminated: Cannot move
away %s. $TMPDIRIN)
;;
cantcreatetmp)
LOGHEAD=$(printf terminated: Cannot create temporary
directory %s. $TMPDIRIN)
MAILHEAD=$(printf The cron job was terminated: Cannot create
temporary directory %s. $TMPDIRIN)
;;
success)
;;
*)
LOGHEAD=$(printf wrong parameter (\%s\) to onexit. $1)
MAILHEAD=$(printf The cron job was terminated for unknown
reasons, and a wrong parameter (\%s\)was given to onexit. $1)
;;
esac
if [ -z ${TMPDIR:-} ]; then
# we are being called so early that no TMPDIR exists yet
# LOGHEAD goes to syslog instead of LOGFILE since we do not know
# what's up with LOGFILE
logger -t aide-cron-daily $LOGHEAD
echo $MAILHEAD | /usr/bin/mail -s premature termination - $MAILSUBJ
$MAILTO
else
# we are being called after the cron job was properly set up.
# To the full works.
[ -f $LOGFILE ] savelog -t -g adm -m 640 -u root -c 7 $LOGFILE
/dev/null
printf $MAILFILE \
This is an automated report generated by the Advanced Intrusion Detection
Environment on %s started at %s.\n\n $FQDN $BEGINSTAMP
printf $LOGFILE \
aide run on %s started at %s.\n $FQDN $BEGINSTAMP
if [ -n $LOGHEAD ]; then
printf $LOGHEAD\n | frame $LOGFILE
printf \n $LOGFILE
fi
if [ -n $MAILHEAD ]; then
printf $MAILHEAD\n | frame $MAILFILE
printf \n\n $MAILFILE
fi
# script errors
if [ -n ${ERRORLOG:-} ] [ -s $ERRORLOG ]; then
printf script errors\n | frame $MAILFILE
$ERRORLOG
Bug#406206: [Pkg-aide-maintainers] Bug#406206: aide: AIDE cronjob gives 'onexit: command not found' error
On Tue, Jan 09, 2007 at 04:17:54PM +0100, P.M. van Aalten wrote: I can't really believe that not everyone has this problem, but: Every day I get an e-mail as a result of the AIDE cron job. It contains: --- /etc/cron.daily/aide: line 117: onexit: command not found /etc/cron.daily/aide: line 61: onexit: command not found run-parts: /etc/cron.daily/aide exited with return code 127 --- My scripting capabilities are limited, but according to /etc/cron.daily/aide, function 'onexit' is defined on line 135 so it sounds logical that the command isn't yet known on lines 61 and 117. AIDE exits with an error message Your argumentation sounds ok. Line 117 is in an error handler for the case that the aide lock file cannot be obtained. Can you please verify whether you might have a stale /var/run/aide/cron.daily.lock hanging around? Does moving the function definition of onexit to an earlier place (for example, right behind the umask 077 statement in line 39, help? The error happening in an error handler might be the cause for this not happening with all installations since this error happens quite rarely. and I assume (perhaps not justified) that AIDE doesn't do it's intrusion detection. You can verify this in your logs, see /var/log/aide. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
