""" Command-builder module for managing AIDE (Advanced Intrusion Detection Environment) file integrity monitoring on a Linux VPS. Each function returns a bash command string. """ def status_cmd() -> str: """Check if AIDE is installed, show version and database file dates.""" return ( "echo '=== AIDE Status ===';" " if command -v aide >/dev/null 2>&1; then" " echo 'AIDE is installed';" " aide --version 2>&1 | head -1;" " else" " echo 'AIDE is NOT installed';" " fi;" " echo;" " echo '=== Database Files ===';" " ls -lh /var/lib/aide/aide.db /var/lib/aide/aide.db.new 2>/dev/null" " || echo 'No AIDE database files found'" ) def install_cmd() -> str: """Install AIDE, initialize the database, and copy it into place.""" return ( "export DEBIAN_FRONTEND=noninteractive;" " apt-get update -qq" " && apt-get install -y -qq aide" " && echo 'Running aideinit (this may take a while)...'" " && aideinit" " && cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" " && echo 'AIDE installed and database initialized successfully'" ) def check_cmd() -> str: """Run AIDE integrity check showing changed, added, and removed files.""" return ( "echo '=== AIDE Integrity Check ===';" " aide --check 2>&1;" " echo;" " echo 'Exit code:' $?" ) def update_cmd() -> str: """Update AIDE database, accepting current filesystem state as the new baseline.""" return ( "echo '=== AIDE Database Update ===';" " aide --update" " && cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" " && echo 'Database updated — current state is now the baseline'" ) def init_cmd() -> str: """Re-initialize the AIDE database from scratch.""" return ( "echo '=== AIDE Database Re-initialization ===';" " aideinit" " && cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db" " && echo 'Database re-initialized successfully'" ) def log_cmd(lines: int = 50) -> str: """Show the AIDE log file.""" return ( f"if [ -f /var/log/aide/aide.log ]; then" f" tail -n {lines} /var/log/aide/aide.log;" f" else" f" echo 'No AIDE log found at /var/log/aide/aide.log';" f" fi" ) def config_cmd() -> str: """Display the full AIDE configuration file.""" return "cat /etc/aide/aide.conf" def config_rules_cmd() -> str: """Show just the rule definitions from aide.conf (lines starting with / or =).""" return ( "echo '=== AIDE Rule Definitions ===';" " grep -E '^(/|!|=)' /etc/aide/aide.conf" ) def compare_cmd() -> str: """Compare two AIDE databases (current baseline vs new).""" return ( "echo '=== AIDE Database Comparison ===';" " aide --compare 2>&1" ) def schedule_cmd(schedule: str = "daily") -> str: """Set up a cron job for periodic AIDE checks (daily or weekly).""" cron_script = "/etc/cron.{schedule}/aide-check".format(schedule=schedule) script_body = ( "#!/bin/bash\\n" "/usr/bin/aide --check > /var/log/aide/aide.log 2>&1" ) return ( f"echo -e '{script_body}' > {cron_script}" f" && chmod 755 {cron_script}" f" && echo 'AIDE {schedule} check scheduled at {cron_script}'" ) def schedule_status_cmd() -> str: """Show any existing AIDE cron jobs.""" return ( "echo '=== AIDE Scheduled Jobs ===';" " ls -la /etc/cron.daily/aide-check /etc/cron.weekly/aide-check 2>/dev/null" " || echo 'No AIDE cron jobs found';" " echo;" " echo '=== Crontab entries ===';" " crontab -l 2>/dev/null | grep -i aide" " || echo 'No AIDE entries in crontab'" ) def schedule_remove_cmd() -> str: """Remove all AIDE cron jobs.""" return ( "rm -f /etc/cron.daily/aide-check /etc/cron.weekly/aide-check" " && echo 'AIDE scheduled checks removed'" ) def uninstall_cmd() -> str: """Remove AIDE and its databases.""" return ( "export DEBIAN_FRONTEND=noninteractive;" " apt-get remove --purge -y -qq aide" " && rm -rf /var/lib/aide /var/log/aide" " && echo 'AIDE uninstalled and data removed'" )