58,12 → 58,25 |
function archive() { |
mkdir -p $DIR_ARCHIVE |
mkdir -p $DIR_TMP |
mv $(echo $(ls -rt $DIR_LOG/firewall/tracability.log*.gz | tail -n 1 -)) $DIR_TMP/tracability-HTTP.log-$NOW.gz |
mv $(echo $(ls -rt $DIR_BASE/radius-*.sql | tail -n 1 -)) $DIR_TMP/ |
nb_files=`ls $DIR_LOG/firewall/tracability.log*.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_LOG/firewall/tracability.log*.gz | tail -n 1 -)) $DIR_TMP/tracability-HTTP.log-$NOW.gz |
fi |
nb_files=`ls $DIR_BASE/radius-*.sql 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_BASE/radius-*.sql | tail -n 1 -)) $DIR_TMP/ |
fi |
cd /var/log/nfsen/profiles-data/live/ipt_netflow |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/tracability-ALL.log-$NOW.tar; |
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l` |
if [ $nb_files -ne 0 ]; then |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/tracability-ALL.log-$NOW.tar; |
fi |
cd /tmp/ |
tar cvzf /tmp/$FILE archive-$NOW/* |
nb_files=`ls archive-$NOW/* 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
tar cvzf /tmp/$FILE archive-$NOW/* |
else echo "no file to archive" |
fi |
} # end archive |
|
# Core script |
78,22 → 91,24 |
--now | -n) |
cleanup |
archive |
if [ $CRYPT -eq "1" ]; then |
{ |
# 1 ) chiffrement/signature =1 ==> gpg --encrypt avec test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE |
} |
elif [ $SIGN -eq "1" ]; then |
{ |
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE |
} |
else |
{ |
# 3) chiffrement/signature = 0 --> cp simple avec suppression des droits d'écriture |
cp /tmp/$FILE $DIR_ARCHIVE/. |
} |
if [ -e /tmp/$FILE ]; then |
if [ $CRYPT -eq "1" ]; then |
{ |
# 1 ) chiffrement/signature =1 ==> gpg --encrypt avec test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE |
} |
elif [ $SIGN -eq "1" ]; then |
{ |
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE |
} |
else |
{ |
# 3) chiffrement/signature = 0 --> cp simple avec suppression des droits d'écriture |
cp /tmp/$FILE $DIR_ARCHIVE/. |
} |
fi |
fi |
rm -rf /tmp/archive-* |
chown root:apache $DIR_ARCHIVE/* |