AIDE: Rotating Data Files

Repeating is safe

Some people may be a bit concerned, upon seeing these instructions multiple times, that rotating the database multiple times will cause problems (because a filename isn't what is expected). The answer is: no. Rotating multiple times in a row does not cause any problems. Once the files are fully rotated, following this “rotate” process again will simply have no effect. (That is believed to be true; maybe it takes up a tiny amount of disk space, in which case this statement may need to be slightly modified. However, it doesn't break things.)

So, if in doubt, go ahead and rotate.

Using a script

Rotating has been a process that gets repeated enough that using a script file was deemed worthwhile. See if the script file exists:

which aidertat

If the script exists

If it does, then, great. Go ahead and use it (if you trust the software on this machine).

aidertat

Otherwise

If the script doesn't exist yet, determine whether it should be installed. The key reason not to use the script is just that the current version requires OpenBSD's ksh (or a suitably compatible shell; bash is also currently believed to be suitable enough to work). If such a shell is undesirable, then using the older method may be needed.

If you are going to be using the script, start by obtaining, and then installing it as follows:

export AIDEWSCF=http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/filintgr/aide/mkaidecf/aidecfsc/aidecfs1

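(If you are going to use a private server, then have the variable reference that location.) Note that the default location is a plain HTTP URL and the commands below install the result into /usr/local/bin with sudo, so read through the extracted file before moving it into place.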

ftp -v -o ~/aidertat.gz ${AIDEWSCF}/aidescr1/aidertt1.gz
ln ~/aidertat.gz ~/gztoextr.gz
gzip -d ~/gztoextr.gz
sudo mv -i ~/gztoextr /usr/local/bin/aidertat
sudo chown :wheel /usr/local/bin/aidertat
sudo chmod ug+x /usr/local/bin/aidertat

The publicly downloadable script was designed for default paths. If that is not acceptable, then customize as needed.

Then, of course, if the goal was to rotate the data files, go ahead and run the script.

$ aidertat
Rotate out old files...
ls: /var/db/aide/olddbs/aide.db.old*: No such file or directory
usage: chmod [-R [-H | -L | -P]] mode file ...
ls: /var/db/aide/olddbs/aide.db.old*: No such file or directory
Rotate out new files...
Rotation done.
$

The older approach

The older approach involved setting some variables (which was usually done using “copy and paste”) if they were not set yet, and then using “copy and paste” on a number of commands.

Setting required variables

To use the sample command lines that are available as part of this documentation, the first step is to set a couple of environment variables. You may use the default locations (instead of using custom locations) for filenames. If you do, you may simply run the following:

export AIDEDBFL=/var/db
export AIDEOUTF=/var/db

The values of these variables should match the locations of data files. A more thorough discussion on this is available: AIDE Environment Variables.

It is highly recommended that you try to minimize the number of times that you need to type these commands. If you are in some sort of environment where there is no easy method to use “copy and paste”, then typing these commands in manually may be reasonably feasible. The task is likely to be a bit annoying, but tolerable. However, if you need to do that, do type the commands in a text editor, because these commands are recommended to be run multiple times. (A hyperlink to directions, for creating a script file, may be added here at a later time.)

The next steps depend on what environment you're in.

The abbreviated method

If you're using OpenBSD's ksh or another shell that is compatible enough, you may use this.

The following steps will perform rotation of old files, if the situation would recommend doing so. The steps will also rotate out the new files, as recommended.

echo Rotate out old files...
[ -f ${AIDEOUTF}/aide.db.new ] && [ -f ${AIDEDBFL}/aide.db ] && ( sudo mkdir -p ${AIDEDBFL}/aide/olddbs && sudo mv ${AIDEDBFL}/aide.db $( sudo mktemp -p ${AIDEDBFL}/aide/olddbs/ "aide.db.old$( date +%F%H%M%S%Z%a)${RANDOM}XXXXXXXXXX" ) )
sudo chmod u-w $( ls -tr ${AIDEDBFL}/aide/olddbs/aide.db.old* | tail -1 )
ls -Fltr ${AIDEDBFL}/aide/olddbs/aide.db.old* | tail -1
echo Rotate out new files...
[ -f ${AIDEOUTF}/aide.db.new ] && sudo mv ${AIDEOUTF}/aide.db.new ${AIDEDBFL}/aide.db

(The ls command is completely unnecessary, and is simply showing a demonstration of reporting the most recent file, which presumably used the filename that was created by mktemp.)
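
The same rotation written as a guarded shell function, as an added example (this is not the aidertat script and not code from this site). It shows why repeating is safe: with no aide.db.new present it returns immediately, so the ls and chmod errors seen in the sample output above do not occur. AIDEDBFL and AIDEOUTF are the variables set earlier; the function name rotate_aide_db and the optional SUDO variable are assumptions made for this example.

```sh
# Added example. rotate_aide_db and SUDO are hypothetical names.
# Usage on a real system:  SUDO=sudo rotate_aide_db
rotate_aide_db() {
    dbdir=${AIDEDBFL:-/var/db}      # where AIDE reads aide.db
    outdir=${AIDEOUTF:-/var/db}     # where AIDE writes aide.db.new
    olddir=$dbdir/aide/olddbs
    new=$outdir/aide.db.new
    cur=$dbdir/aide.db

    # Nothing to rotate: a repeated run changes nothing and prints no errors.
    if [ ! -f "$new" ]; then
        echo "No $new found; nothing to rotate."
        return 0
    fi

    echo "Rotate out old files..."
    if [ -f "$cur" ]; then
        ${SUDO:-} mkdir -p "$olddir" || return 1
        # mktemp reserves a unique name, so an earlier archive is never overwritten.
        archived=$(${SUDO:-} mktemp "$olddir/aide.db.old$(date +%F%H%M%S)XXXXXXXXXX") || return 1
        ${SUDO:-} mv "$cur" "$archived" || return 1
        # Remove write permission from exactly the file that was just archived,
        # instead of guessing it from "ls -tr | tail -1".
        ${SUDO:-} chmod u-w "$archived" || return 1
        echo "Archived old database as $archived"
    fi

    echo "Rotate out new files..."
    ${SUDO:-} mv "$new" "$cur" || return 1
    echo "Rotation done."
}
```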

Other options

As an alternative to running the above commands, those who do not use OpenBSD's ksh (or anything sufficiently compatible) may follow the less abbreviated process. Details are at File integrity checking: rotating AIDE database files.

That documentation is a bit older, though, and doesn't chmod.