Edit File: check_exec_file_poisoning_status.sh
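#!/bin/bash
#
# Monitoring check for the exec-file-poisoning detector.
#
# Reads the detector's last-run summary state file and turns it into a
# one-line status message plus an exit code:
#   0 - last line contains "OK!"
#   1 - last line contains "WARNING!", or the state file is empty but fresh
#   2 - last line contains "CRITICAL!" or "ERROR!", the state file is missing,
#       unreadable or stale
#   3 - last line carries none of the known status markers
#
# Bash strict mode (no -e: every failure path below is handled explicitly).
set -uo pipefail

# State file to check.
STATE_FILE="/root/etc/exec_file_poisoning_detector/last_run_summary.state"

# Allowed time difference in seconds. Default: 43200 seconds (12 hours).
ALLOWED_TIME_DIFF=43200

# A missing state file means the detector never reported; treat as an error.
if [[ ! -e "${STATE_FILE}" ]]; then
  echo "ERROR: State file ${STATE_FILE} does not exist."
  exit 2
fi

# Age of the state file. If stat fails (file removed between the checks,
# permission problem) the value would be empty and the arithmetic below would
# silently treat it as 0, producing a misleading "modified more than N hours
# ago" message. Report the real cause instead; the exit code stays 2.
current_time=$(date +%s)
if ! state_file_mod_time=$(stat -c %Y "${STATE_FILE}") \
  || [[ ! "${state_file_mod_time}" =~ ^[0-9]+$ ]]; then
  echo "ERROR: Could not read modification time of state file ${STATE_FILE}."
  exit 2
fi
time_diff=$((current_time - state_file_mod_time))
# NOTE(review): a modification time in the future gives a negative difference
# and therefore passes the staleness check; confirm whether that should alert.

if [[ ! -s "${STATE_FILE}" ]]; then
  # Empty file: the detector wrote nothing. Stale and empty is critical,
  # fresh and empty is only a warning.
  if ((time_diff > ALLOWED_TIME_DIFF)); then
    echo "CRITICAL: State file ${STATE_FILE} is empty and was modified more than $((ALLOWED_TIME_DIFF / 3600)) hours ago."
    exit 2
  else
    echo "WARNING: State file ${STATE_FILE} is empty."
    exit 1
  fi
elif ((time_diff > ALLOWED_TIME_DIFF)); then
  # A stale summary means the detector has stopped running or reporting.
  echo "CRITICAL!: State file ${STATE_FILE} was modified more than $((ALLOWED_TIME_DIFF / 3600)) hours ago."
  exit 2
fi

# Get the last line of the state file.
last_line=$(tail -n 1 "${STATE_FILE}")

# Match the most severe marker first. The markers are substring matches, so a
# line that carries more than one of them (for example a CRITICAL! message
# that also contains the text "OK!") must not be downgraded to OK.
# printf is used instead of echo so a line starting with "-n" or "-e" is
# printed verbatim.
case "${last_line}" in
  *"CRITICAL!"* | *"ERROR!"*)
    printf '%s\n' "${last_line}"
    exit 2
    ;;
  *"WARNING!"*)
    printf '%s\n' "${last_line}"
    exit 1
    ;;
  *"OK!"*)
    printf '%s\n' "${last_line}"
    exit 0
    ;;
  *)
    # No known marker (includes an empty or unreadable last line).
    printf 'UNKNOWN: %s\n' "${last_line}"
    exit 3
    ;;
esac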