From 082b98eca6f4200cf32744582c5ff1b385ea88db Mon Sep 17 00:00:00 2001 From: Nathan Peters Date: Wed, 20 Dec 2017 14:36:19 -0800 Subject: [PATCH 1/2] Updated aide_scan_notification remediation to run cron job as root --- shared/fixes/bash/aide_scan_notification.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/fixes/bash/aide_scan_notification.sh b/shared/fixes/bash/aide_scan_notification.sh index ac63227836..3862b21825 100644 --- a/shared/fixes/bash/aide_scan_notification.sh +++ b/shared/fixes/bash/aide_scan_notification.sh @@ -11,6 +11,6 @@ if [ -f /var/spool/cron/root ]; then fi if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*\|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then - echo '0 5 * * * /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost' >> $CRONTAB + echo '0 5 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost' >> $CRONTAB fi From 6443aac41c6b28198c762d136805aaab090be45d Mon Sep 17 00:00:00 2001 From: Nathan Peters Date: Wed, 20 Dec 2017 14:50:36 -0800 Subject: [PATCH 2/2] Fixed remediation script aide_scan_notification for regular grep syntax --- shared/fixes/bash/aide_scan_notification.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/fixes/bash/aide_scan_notification.sh b/shared/fixes/bash/aide_scan_notification.sh index 3862b21825..f6908bda64 100644 --- a/shared/fixes/bash/aide_scan_notification.sh +++ b/shared/fixes/bash/aide_scan_notification.sh @@ -10,7 +10,7 @@ if [ -f /var/spool/cron/root ]; then VARSPOOL=/var/spool/cron/root fi -if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*\|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then +if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then echo '0 5 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost' >> $CRONTAB fi