#!/bin/sh

# Last Update: 5 February 2014
# Designed by: Dusan U. Baljevic (dusan.baljevic@ieee.org)
# Coded by:    Dusan U. Baljevic (dusan.baljevic@ieee.org)

# Script to switch HP-UX 11i v2 and v3 audit files
 
# Copyright 2006-2014 Dusan Baljevic
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Ensure PATH is set safely
#
PATH=/usr/sbin:/sbin:/bin; export PATH

# Path where audit trails are saved
#
DEFPATH="/var/audit"

# Name for audit trails
#
DEFNAME="audtrail_new"

# This might be potentially used to save audit trails in another directory
#
BCKDIR="/opt/audbck"

# Audit trail size
#
AUDLOGSIZE=1000

# Audit trail name extension#
#
AUDEXT="$(date '+%Y%m%d_%H%M')"

# Check the path to log files
# 
audsys | while read myaudsys
do
   if [ ! "$CURRSTAT" ]
   then
      CURRSTAT=$(echo $myaudsys | awk '/^auditing system is currently off/ {print}')
   fi

   if [ ! "$CURRAUD" ]
   then
      CURRAUD=$(echo $myaudsys | awk '/^current file:/ && /\// {print $3}')
   fi

   if [ ! "$NEXTAUD" ]
   then
      NEXTAUD=$(echo $myaudsys | awk '/^next/ && /\// {print $3}')
   fi

   if [ ! "$CURRUSE" ]
   then
      CURRUSE=$(echo $myaudsys | awk '/^current file:/ && ! /\// {print $5}')
   fi
done

# Extract the number of the current audit trail
# 
if [ ! "$NEXTAUD" ]
then
#   CURRNO="`echo $CURRAUD | sed -e \"s/^.*\(.\)$/\1/\"`"
   CURRNO=$(basename $CURRAUD | sed -e 's/[a-z]//g' -e 's/[A-Z]//g' -e 's/_//g' -e 's/\.//g')
   NEWNO=$(expr $CURRNO + 1)

   if [ ! "$CURRSTAT" ]
   then
      # Stop auditing
      #
      #audsys -f

      #audsys -n -c $DEFPATH/${DEFNAME}$NEWNO -s $AUDLOGSIZE -x $DEFPATH/${DEFNAME}$NEWNO2 -z $AUDLOGSIZE
      if [ "$AUDEXT" ]
      then
         audsys -c $CURRAUD -s $AUDLOGSIZE -x $DEFPATH/${DEFNAME}.$AUDEXT -z $AUDLOGSIZE
      else
         audsys -c $CURRAUD -s $AUDLOGSIZE -x $DEFPATH/${DEFNAME}$NEWNO -z $AUDLOGSIZE
      fi

      if [ $? -ne 0 ]
      then
         logger "FAIL Audsys could not create audit trail  $DEFPATH/${DEFNAME}$NEWNO"
         exit 1
      fi
      logger "SUCCESS Audsys added new audit trail $DEFPATH/${DEFNAME}$NEWNO"
   fi
fi

exit 0