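#!/bin/sh
# Last Update: 5 February 2014
# Designed by: Dusan U. Baljevic (dusan.baljevic@ieee.org)
# Coded by: Dusan U. Baljevic (dusan.baljevic@ieee.org)
# Script to switch HP-UX 11i v2 and v3 audit files
# Copyright 2006-2014 Dusan Baljevic
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# What the script does:
#   1. Reads the status printed by "audsys" (no arguments).
#   2. Exits 0 without changes when a next audit trail is already
#      configured or when auditing is reported as off.
#   3. Otherwise registers a next audit trail with
#      "audsys -c <current> -s <size> -x <new> -z <size>" and records the
#      outcome through logger(1).
# Exit status: 0 when nothing had to be done or the trail was added,
#              1 when the current trail could not be determined or audsys
#              rejected the new trail.

# Ensure PATH is set safely
#
PATH=/usr/sbin:/sbin:/bin; export PATH

# Path where audit trails are saved
# NOTE(review): audit trails are evidence; this directory is expected to be
# writable by root only - confirm ownership and mode on the target host.
#
DEFPATH="/var/audit"

# Name for audit trails
#
DEFNAME="audtrail_new"

# This might be potentially used to save audit trails in another directory
# (not referenced anywhere below)
#
BCKDIR="/opt/audbck"

# Audit trail size (passed unchanged to audsys -s and -z)
#
AUDLOGSIZE=1000

# Audit trail name extension
# Minute resolution: two runs within the same minute yield the same name.
# NOTE(review): how audsys treats an already existing -x file is not visible
# here - confirm before scheduling the script more often than once a minute.
#
AUDEXT="$(date '+%Y%m%d_%H%M')"

# Check the path to log files
#
# The status is captured once and each field is extracted with awk, instead
# of piping audsys into a "while read" loop: in shells that run pipeline
# stages in a subshell, variables assigned inside such a loop are lost and
# every check below would see empty values. The exit status of this query
# is deliberately not tested; an unusable status is caught by the empty
# CURRAUD check further down.
#
AUDSTATUS=$(audsys)

# Non-empty only when audsys reports that auditing is switched off
CURRSTAT=$(printf '%s\n' "$AUDSTATUS" |
  awk '$1 == "auditing" && $2 == "system" && $3 == "is" &&
       $4 == "currently" && $5 ~ /^off/ {print; exit}')

# Path of the current audit trail (first "current file:" line holding a path)
CURRAUD=$(printf '%s\n' "$AUDSTATUS" |
  awk '$1 == "current" && $2 ~ /^file:/ && /\// && NF >= 3 {print $3; exit}')

# Path of the next audit trail, empty when none is configured
NEXTAUD=$(printf '%s\n' "$AUDSTATUS" |
  awk '$1 ~ /^next/ && /\// && NF >= 3 {print $3; exit}')

# Fifth field of the "current file:" statistics line (not used below)
CURRUSE=$(printf '%s\n' "$AUDSTATUS" |
  awk '$1 == "current" && $2 ~ /^file:/ && ! /\// && NF >= 5 {print $5; exit}')

# Nothing to do when a next trail already exists or auditing is off
if [ -n "$NEXTAUD" ] || [ -n "$CURRSTAT" ]; then
  exit 0
fi

# Without a current trail there is nothing valid to hand to "audsys -c"
if [ -z "$CURRAUD" ]; then
  logger "FAIL Audsys did not report a current audit trail, no new audit trail added"
  exit 1
fi

# Disabled in the original script, kept as found:
# CURRNO="`echo $CURRAUD | sed -e \"s/^.*\(.\)$/\1/\"`"
# Stop auditing
#
#audsys -f
#audsys -n -c $DEFPATH/${DEFNAME}$NEWNO -s $AUDLOGSIZE -x $DEFPATH/${DEFNAME}$NEWNO2 -z $AUDLOGSIZE

# Choose the name of the new trail: timestamp extension when available,
# otherwise the number embedded in the current trail name plus one.
if [ -n "$AUDEXT" ]; then
  NEWAUD="$DEFPATH/${DEFNAME}.$AUDEXT"
else
  # Extract the number of the current audit trail
  #
  CURRNO=$(basename "$CURRAUD" | sed -e 's/[A-Za-z_.]//g')
  case "$CURRNO" in
    '' | *[!0-9]*)
      # expr would fail on this input and leave an unnumbered trail name
      logger "FAIL Audsys current audit trail $CURRAUD carries no usable number"
      exit 1
      ;;
  esac
  NEWNO=$(expr "$CURRNO" + 1)
  NEWAUD="$DEFPATH/${DEFNAME}$NEWNO"
fi

# Register the next trail. The log lines name the file that was actually
# passed to -x, so the syslog record matches what is on disk.
if audsys -c "$CURRAUD" -s "$AUDLOGSIZE" -x "$NEWAUD" -z "$AUDLOGSIZE"; then
  logger "SUCCESS Audsys added new audit trail $NEWAUD"
else
  logger "FAIL Audsys could not create audit trail $NEWAUD"
  exit 1
fi

exit 0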