maxiaide

#!/bin/bash
# secure the file permission creation
umask 077
# ==================================================
_APP_SPECIFIC_NAME="Maxiaide"
_APP_VERSION="1.7.2"
_APP_STATUS="beta"
_APP_INFO="${_APP_SPECIFIC_NAME} is a bash script CLI extension to manage
AIDE with extra features. Check file integrity aka File
Monitoring Script using AIDE (https://github.com/aide/aide)"
_APP_VERSION_STATUS="${_APP_VERSION}-${_APP_STATUS}"
_AUTHOR="Author: Arafat Ali | Email: arafat@sofibox.com | (C) 2019-2022"
# ====================================================

usage() {
  local usage_file
  usage_file="${SCRIPT_PATH}/readme.txt"
  if [ -f "${usage_file}" ]; then
    cat "${SCRIPT_PATH}/readme.txt"
    echo ""
  else
    echo "Error, the usage file ${usage_file} does not exist."
    exit 1
  fi
}

get_distro() {
  local arg distro_id distro_version distro_codename
  arg="$1"
  if [ -e /etc/os-release ]; then
    distro_id=$(awk -F= '$1 == "ID" {print $2}' /etc/os-release | LC_ALL=C tr '[:upper:]' '[:lower:]' | tr -d "\"")
    distro_version=$(awk -F= '$1 == "VERSION_ID" {print $2}' /etc/os-release | tr -d "\"")
    distro_codename=$(awk -F= '$1 == "VERSION_CODENAME" {print $2}' /etc/os-release | tr -d "\"")

  elif type lsb_release >/dev/null 2>&1; then
    distro_id=$(lsb_release -si | LC_ALL=C tr '[:upper:]' '[:lower:]')
    distro_version=$(lsb_release -sr)
    distro_codename=$(lsb_release -sc)
  else
    distro_id=$(uname -s)
    distro_version=$(uname -r)
    distro_codename=""
  fi
  if [ "${arg}" == "id" ]; then
    echo "${distro_id}"
  elif [ "${arg}" == "version" ]; then
    echo "${distro_version}"
  elif [ "${arg}" == "codename" ]; then
    echo "${distro_codename}"
  fi
}

# validate data
# syntax: if is_valid "email"; then
is_valid() {
  local type data1
  type="$1"
  data1="$2"
  if [[ "${type}" == "email" ]]; then
    if [[ "${data1}" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; then
      return 0
    else
      return 1
    fi
  fi
}
# ask for confirmation
# syntax:
# _confirm <text_string> <default_response_key>
# example:
# _confirm are you sure you want to do this? y
_confirm() {
  local text default_response
  text=$1
  default_response=$2
  if [ -z "${default_response}" ]; then
    default_response="Y"
  fi

  read -r -p "${text} [default:${default_response}] [Y/n]: " response
  # Simulate a default response so that we can press Enter key
  if [[ -z "${response}" ]]; then
    response="Y"
  else
    response="${default_response}"
  fi
  if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
    return 0
  else
    exit 0
  fi
}

is_script_running() {
  pgrep -lf ".[ /]$1( |\$)"
}

# syntax:
# check_path "path1" "path2" "path3"
check_path() {
  local paths
  paths="$*"
  for path in ${paths}; do
    if [ -f "${path}" ]; then
      echo "[${SCRIPT_NAME}]: OK, the file path [ ${path} ] exists"
      return 0
    elif [ -d "${path}" ]; then
      echo "[${SCRIPT_NAME}]: OK, the directory path [ ${path} ] exists"
      return 0
    elif [ -L "${path}" ]; then
      echo "[${SCRIPT_NAME}]: OK, the symlink path [ ${path} ] exists"
      return 0
    elif [ -S "${path}" ]; then
      echo "[${SCRIPT_NAME}]: OK, the socket path [ ${path} ] exists"
      return 0
    else
      echo "[${SCRIPT_NAME}]: Error, the path [ ${path} ] does not exist!"
      exit 1
    fi
  done
}

# This function is use to filter other processes not run this script if they are running
# This is useful to prevent maxiaide running when server load is high, for example a full server backup script is running
# and you should not run AIDE
ensure_free_process() {
  local dnr_process_names
  dnr_process_names=("maxirsync maxiclam")
  for dnr_process_name in "${dnr_process_names[@]}"; do
    if is_script_running "${dnr_process_name}" >/dev/null; then
      echo "[${SCRIPT_NAME}]: Warning, unable to run ${_APP_SPECIFIC_NAME} script because ${dnr_process_name} is on do not run list"
      exit 1
    fi
  done
}

get_status_message() {
  local retval
  retval="$1"
  if [[ "${retval}" -eq 0 ]]; then
    echo " [ OK ]"
  else
    echo " [FAILED ]"
    exit 1
  fi
}
aide_update_rules() {
  echo -n "[${SCRIPT_NAME}]: Copying AIDE custom rule from ${TEMP_CUSTOM_RULES} into [ ${MAXIAIDE_CUSTOM_RULES} ] ..."
  cp "${TEMP_CUSTOM_RULES}" "${MAXIAIDE_CUSTOM_RULES}"
  get_status_message "$?"
  # Remove carriage return for the above files
  echo -n "[${SCRIPT_NAME}]: Removing carriage return from [ ${TEMP_CUSTOM_RULES} ] ..."
  sed -i 's/\r//g' "${TEMP_CUSTOM_RULES}"
  get_status_message "$?"
  echo -n "[${SCRIPT_NAME}]: Removing carriage return from [ ${MAXIAIDE_CUSTOM_RULES} ] ..."
  sed -i 's/\r//g' "${MAXIAIDE_CUSTOM_RULES}"
  get_status_message "$?"
  echo -n "[${SCRIPT_NAME}]: Removing carriage return from [ ${AIDE_DEFAULT_CUSTOM_CONF} ] ..."
  sed -i 's/\r//g' "${AIDE_DEFAULT_CUSTOM_CONF}"
  get_status_message "$?"

  chmod 644 "${MAXIAIDE_CUSTOM_RULES}"
  # AIDE did not put new line in rule file automatically after edit (user must manually put a new line)
  # So, below is a workaround for the following issue: https://github.com/aide/aide/issues/108
  if [[ -z "$(tail -c 1 "${MAXIAIDE_CUSTOM_RULES}")" && -s "${MAXIAIDE_CUSTOM_RULES}" ]]; then
    :
  else
    echo -n "[${SCRIPT_NAME}]: Adding a newline into custom rule file [ ${MAXIAIDE_CUSTOM_RULES} ] ..."
    echo "" >>"${MAXIAIDE_CUSTOM_RULES}"
    get_status_message "$?"
  fi
}
aide_check_configs() {

  # We check all the config files (including custom and built-in rules)
  echo -n "[${SCRIPT_NAME}]: Verifying AIDE config files ..."
  ${AIDE_BIN} --config-check --config="${AIDE_CUSTOM_CONF}"
  get_status_message "$?"
}

aide_init() {
  _confirm "[${SCRIPT_NAME}]: This will remove all AIDE databases. Are you sure you want to initialize AIDE?"
  # In case that the default custom config default_custom_aide.conf does not exist,
  # we pull out from the original config file location at /etc/aide/aide.conf and this would be the new default_custom_aide.conf
  # In brief, this will restore missing file default_custom_aide.conf from /etc/aide/aide.conf
  if [ ! -f "${AIDE_DEFAULT_CUSTOM_CONF}" ]; then
    echo -n "[${SCRIPT_NAME}]: Restoring ${AIDE_DEFAULT_CUSTOM_CONF} file from ${AIDE_DEFAULT_CONF} ..."
    cp "${AIDE_DEFAULT_CONF}" "${AIDE_DEFAULT_CUSTOM_CONF}"
    get_status_message "$?"
  fi

  # Restore custom_aide.conf from default_custom_aide.conf if file does not exist
  if [ ! -f "${AIDE_CUSTOM_CONF}" ]; then
    echo -n "[${SCRIPT_NAME}]: Warning, missing file ${AIDE_CUSTOM_CONF}. Restoring AIDE custom config file from ${AIDE_DEFAULT_CUSTOM_CONF} ..."
    cp "${AIDE_DEFAULT_CUSTOM_CONF}" "${AIDE_CUSTOM_CONF}"
    get_status_message "$?"
  else

    # Do backup AIDE config if file exist
    echo -n "[${SCRIPT_NAME}]: Backing up existing AIDE custom config ${AIDE_CUSTOM_CONF} as ${AIDE_CUSTOM_CONF}.${DATE_TIME_NOW}.backup ..."
    mv "${AIDE_CUSTOM_CONF}" "${AIDE_CUSTOM_CONF}.${DATE_TIME_NOW}.backup"
    get_status_message "$?"

    echo -n "[${SCRIPT_NAME}]: Restoring AIDE default custom config file from [ ${AIDE_DEFAULT_CUSTOM_CONF} ] into [ ${AIDE_CUSTOM_CONF} ] ..."
    cp "${AIDE_DEFAULT_CUSTOM_CONF}" "${AIDE_CUSTOM_CONF}"
    get_status_message "$?"

  fi

  # Remove AIDE existing database
  echo -n "[${SCRIPT_NAME}]: Removing AIDE existing database ..."
  rm -rf "${AIDE_DB}"
  get_status_message "$?"

  echo -n "[${SCRIPT_NAME}]: Initialize AIDE custom rules ..."

  {
    echo "# run maxiaide update-rule to update this custom rules into /etc/aide/aide.conf.d/"
    echo "# Example"
    echo "# !/root/.bash_history$ f"
  } >"${TEMP_CUSTOM_RULES}"

  get_status_message "$?"

  aide_update_rules
  aide_check_configs

}

aide_scan() {
  local retval added_count removed_count changed_count total_count file_plural file_status log_option db_action limit_option
  ensure_free_process
  if [ "${CRONJOB}" == "true" ]; then
    RUN_MODE="cronjob"
  else
    RUN_MODE="manual"
  fi

  # If file path is not empty (this means, the --limit option is set),
  # we check the path or regex to compare and we set the AIDE --limit <REGEX_STRING>
  # REGEX_STRING can be dir, path, regex ...
  if [ -n "${REGEX_STRING}" ]; then
    # check_path "${REGEX_STRING}"
    limit_option="--limit ${REGEX_STRING}"
  fi

  if [[ -n "${LOG_LEVEL}" ]]; then
    log_option="--log-level ${LOG_LEVEL}"
  elif [[ "${DEBUG}" == "true" ]]; then
    log_option="--log-level debug"
  elif [[ "${VERBOSE}" == "true" ]]; then
    log_option="--log-level info"
  else
    log_option=""
  fi

  if [[ "${DB_AUTO_UPDATE}" == "true" ]]; then
    db_action="--update"
  else
    echo "[${SCRIPT_NAME}]: Notice, the scan will only check for data changes without updating existing database because -u or --update option is not present!"
    db_action="--check"
  fi

  # If email option is not set or has invalid format, we give warning
  if [ "${REPORT_EMAIL}" == "false" ]; then
    echo "[${SCRIPT_NAME}]: Notice, report email is disabled because -e or --email option is not present!"
  elif ! is_valid "email" "${REPORT_EMAIL}"; then
    echo "[${SCRIPT_NAME}]: Notice, report email [ ${REPORT_EMAIL} ] is invalid, please set the correct email format eg: ADMIN_EMAIL=email@domain.tld"
    exit 1
  fi

  # If AIDE custom config does not exist, we copy from the default template
  if [[ ! -s "${AIDE_CUSTOM_CONF}" ]]; then
    local retval
    echo -n "[${SCRIPT_NAME}]: Notice, config file [${AIDE_CUSTOM_CONF}] does not exist. Copying from ${AIDE_DEFAULT_CUSTOM_CONF} ... "
    cp -p "${AIDE_DEFAULT_CUSTOM_CONF}" "${AIDE_CUSTOM_CONF}"
    get_status_message "$?"
  else
    #echo "AIDE_CUSTOM_CONF exist, so that is good!"
    :
  fi

  # Check if database exist, if it does not exist then we initialize a new database
  if [[ ! -f "${AIDE_DB}" ]]; then
    local test_aide_init retval
    echo "[${SCRIPT_NAME}]: Notice, database file [${AIDE_DB}] does not exist!"
    echo "[${SCRIPT_NAME}]: Initializing a new database ... (this may take sometime)"
    echo ""
    test_aide_init=$(${AIDE_INIT_BIN} -y -c "${AIDE_CUSTOM_CONF}" 2>&1)
    retval=$?
    has_error=$(echo "${test_aide_init}" | grep -E "  ERROR: ")
    # Check if the initialization is success, then we copy the new database into the main database
    if [ -z "${has_error}" ]; then
      echo "[${SCRIPT_NAME}]: OK, database initialized successfully" | tee -a "${REPORT_FILE}"
      # Rename the initialized database (make a copy don't delete init db for audit purpose)
      echo -n "[${SCRIPT_NAME}]: Copying initialized database [${AIDE_DB_NEW}] as [${AIDE_DB}] ..."
      cp -f "${AIDE_DB_NEW}" "${AIDE_DB}" | tee -a "${REPORT_FILE}"
      get_status_message "$?"
      # Now archived the init database with a timestamp, so we can use it again next time for audit purpose
      echo -n "[${SCRIPT_NAME}]: Archiving [${AIDE_DB_NEW}] as ${AIDE_DB_NEW}_${DATE_TIME_NOW} ..."
      mv -f "${AIDE_DB_NEW}" "${AIDE_DB_NEW}_${DATE_TIME_NOW}.archived"
      get_status_message "$?"
      # Now we only want to use the autogenerated aide config (we can modify this manually later) -
      # not available in latest version, so use check only do this if AIDE_AUTO_CONF exist:
      if [ -f "${AIDE_AUTO_CONF}" ]; then
        echo -n "[${SCRIPT_NAME}]: Copying autogenerated aide config from ${AIDE_AUTO_CONF} into ${AIDE_CUSTOM_CONF} ..."
        cp -p "${AIDE_AUTO_CONF}" "${AIDE_CUSTOM_CONF}"
        get_status_message "$?"
      fi
    else
      # We display error and exit
      # List of return code for init: 14,15,16,17,.18,19 (verify this)
      echo "[${SCRIPT_NAME}]: Warning, an error occur when initializing AIDE database [Error Code: ${retval}]"
      echo "Error details:"
      echo "${test_aide_init}"
      echo "Note: if aideinit returns 0, it is a known bug: https://github.com/aide/aide/issues/107"
      #${MAIL_BIN} -s "[${SCRIPT_NAME} | ${WARN_STATUS} | mode: $RUN_MODE]: AIDE File Integrity Report @ ${BOX_HOSTNAME}" "${ADMIN_EMAIL}" <"${REPORT_FILE}"
      exit 1
    fi
    echo "-------" | tee -a "${REPORT_FILE}"
    compare_scan=false
  else
    compare_scan=true

  fi

  # This is required by AIDE to make sure this file exist and has correct permission
  if ! [ -d /run/aide ]; then
    mkdir -p /run/aide
    chown root:root /run/aide
    chmod 600 /run/aide
  fi

  # Initialize the new report file here
  cat /dev/null >"${REPORT_FILE}"

  echo ""

  echo "[${SCRIPT_NAME}]: =~=~=~==~=~=~= SYSTEM DATA CHECK START =~=~=~==~=~=~=" | tee -a "${REPORT_FILE}"
  # We start the scan here
  echo "" | tee -a "${REPORT_FILE}"
  [[ "${compare_scan}" == "false" ]] && echo "[${SCRIPT_NAME}]: Scanning system for data changes for the first time... (this may take some time): " | tee -a "${REPORT_FILE}"
  [[ "${compare_scan}" == "true" ]] && echo "[${SCRIPT_NAME}]: Scanning and comparing database file from [${AIDE_DB}] - $(stat -c '%y' "${AIDE_DB}" | sed -e "s/\\..*//") ..." | tee -a "${REPORT_FILE}"
  bash -o pipefail -c "${AIDE_BIN} ${log_option} ${db_action} ${limit_option} --config=${AIDE_CUSTOM_CONF} | tee -a ${REPORT_FILE}"
  retval=$?
  # ((total_entries = added_count = removed_count = changed_count = 0))
  ((added_count = removed_count = changed_count = 0))
  #total_entries=$(grep -oP 'Total number of entries:\s*\K\d+' "${REPORT_FILE}")
  added_count=$(grep -oP 'Added entries:\s*\K\d+' "${REPORT_FILE}")
  removed_count=$(grep -oP 'Removed entries:\s*\K\d+' "${REPORT_FILE}")
  changed_count=$(grep -oP 'Changed entries:\s*\K\d+' "${REPORT_FILE}")
  total_count=$((added_count + removed_count + changed_count))

  if [ ${total_count} -gt 1 ]; then
    file_plural="items"
  else
    file_plural="item"
  fi
  echo "---------------------------------------------------"
  echo "[${SCRIPT_NAME}]: AIDE has finished checking" | tee -a "${REPORT_FILE}"
  if [ "${retval}" = 0 ]; then
    echo "[${SCRIPT_NAME}]: Ok, no changes detected" | tee -a "${REPORT_FILE}"
    file_status="No changes detected"
  elif [ "${retval}" = 1 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${added_count} new ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${added_count} new ${file_plural} detected"
  elif [ "${retval}" = 2 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${removed_count} removed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${removed_count} removed ${file_plural} detected"
  elif [ "${retval}" = 3 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${added_count} new and ${removed_count} removed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${added_count} new and ${removed_count} removed ${file_plural} detected"
  elif [ "${retval}" = 4 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${changed_count} changed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${changed_count} changed ${file_plural} detected"
  elif [ "${retval}" = 5 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${added_count} new and ${changed_count} changed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${added_count} new and ${changed_count} changed ${file_plural} detected"
  elif [ "${retval}" = 6 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${removed_count} removed and ${changed_count} changed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${removed_count} removed and ${changed_count} changed ${file_plural} detected"
  elif [ "${retval}" = 7 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, ${added_count} new, ${removed_count} removed and ${changed_count} changed ${file_plural} detected" | tee -a "${REPORT_FILE}"
    file_status="${added_count} new, ${removed_count} removed and ${changed_count} changed ${file_plural} detected"
  elif [ "${retval}" = 14 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, writing error" | tee -a "${REPORT_FILE}"
  elif [ "${retval}" = 15 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, Invalid argument error" | tee -a "${REPORT_FILE}"
    exit 1
  elif [ "${retval}" = 16 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, unimplemented function error" | tee -a "${REPORT_FILE}"
  elif [ "${retval}" = 17 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, invalid configureline error" | tee -a "${REPORT_FILE}"
    exit 1
  elif [ "${retval}" = 18 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, IO error" | tee -a "${REPORT_FILE}"
  elif [ "${retval}" = 19 ]; then
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Warning, version mismatch error" | tee -a "${REPORT_FILE}"
  else
    WARN_STATUS="WARNING"
    echo "[${SCRIPT_NAME}]: Error, unknown return code: [${retval}]" | tee -a "${REPORT_FILE}"
    exit 1
  fi
  if [ "${DB_AUTO_UPDATE}" == "true" ]; then
    if [[ ! -f ${AIDE_DB_NEW} ]]; then
      # In case if suddenly the DB file is not found
      echo "[${SCRIPT_NAME}]: Warning, DB [${AIDE_DB_NEW}] does not exist. This file should exist after scan!" | tee -a "${REPORT_FILE}"
      exit 1
    else
      local retval
      if [ "${DB_AUTO_BACKUP}" == "true" ]; then
        echo "[${SCRIPT_NAME}]: Performing backup of [ ${AIDE_DB} ] as ${AIDE_DB}_${DATE_TIME_NOW}.archived" | tee -a "${REPORT_FILE}"
        mv -f "${AIDE_DB}" "${AIDE_DB}_${DATE_TIME_NOW}.archived"
      fi
      mv -f "${AIDE_DB_NEW}" "${AIDE_DB}" | tee -a "${REPORT_FILE}"
      retval=$?
      if [ "${retval}" -eq 0 ]; then
        echo "[${SCRIPT_NAME}]: AIDE database of [${AIDE_DB_NEW}] was renamed as [${AIDE_DB}]" | tee -a "${REPORT_FILE}"
      else
        echo "[${SCRIPT_NAME}]: Error, there was problem renaming the new AIDE database [${AIDE_DB_NEW}]!" | tee -a "${REPORT_FILE}"
        exit 1
      fi
    fi
  else
    if [[ "${WARN_STATUS}" == "WARNING" ]]; then
      echo "[${SCRIPT_NAME}]: Notice, to update changes found by AIDE above, please use -u or --update command" | tee -a "${REPORT_FILE}"
    fi
  fi

  echo "" | tee -a "${REPORT_FILE}"
  echo "[${SCRIPT_NAME}]: =~=~=~==~=~=~= SYSTEM DATA CHECK END  =~=~=~==~=~=~=" | tee -a "${REPORT_FILE}"
  echo "" | tee -a "${REPORT_FILE}"

  echo "==============================================" | tee -a "${REPORT_FILE}"
  echo "================ SUMMARY ====================" | tee -a "${REPORT_FILE}"
  echo "[${SCRIPT_NAME}]: Running mode: [$RUN_MODE]" | tee -a "${REPORT_FILE}"
  echo "[${SCRIPT_NAME}]: Scan status: ${WARN_STATUS} | ${file_status}" | tee -a "${REPORT_FILE}"
  echo "[${SCRIPT_NAME}]: Log file is located at: ${REPORT_FILE}" | tee -a "${REPORT_FILE}"
  echo "[${SCRIPT_NAME}]: To view the last log, run: ${SCRIPT_NAME} lastlog" | tee -a "${REPORT_FILE}"
  echo "==============================================" | tee -a "${REPORT_FILE}"
  echo ""

  if [[ "${WARN_STATUS}" == "WARNING" && "${REPORT_EMAIL}" != "false" ]]; then
    echo "[${SCRIPT_NAME}]: Sending email report to ${ADMIN_EMAIL} ..."
    ${MAIL_BIN} -s "[${SCRIPT_NAME} | ${WARN_STATUS} ]: AIDE Scan on ${BOX_HOSTNAME}: ${file_status}" "${ADMIN_EMAIL}" <"${REPORT_FILE}"
    get_status_message "$?"
  fi
}

ADMIN_EMAIL="webmaster@sofibox.com"
SCRIPT_PATH="$(dirname "$(readlink -f "$0")")"
SCRIPT_NAME=$(basename -- "$0")
BOX_HOSTNAME=$(hostname)
MAIL_BIN=$(command -v mail)
#DATE_BIN=$(command -v date)

# Make sure curl is installed
if [ -z "$(command -v curl)" ]; then
  echo "Error, curl is not installed. Installing curl ..."

fi

# Check if maxibuild is installed
if ! command -v maxibuild >/dev/null 2>&1; then
  echo "Error, maxibuild is not installed. Checking for curl ..."
  # Check if curl is installed
  if ! command -v curl >/dev/null 2>&1; then
    echo "Installing curl ..."
    if [[ "$(get_distro id)" == +(debian|ubuntu) ]]; then
      apt-get -y install curl
    elif [[ "$(get_distro id)" == +(centos|fedora|rhel|almalinux|rocklylinux) ]]; then
      dnf -y install curl
    fi
    get_status_message "$?"
  fi
  echo "Installing maxibuild ..."
  curl -s https://raw.githubusercontent.com/sofibox/maxibuild/master/install.sh | bash
fi

# diffutils is required for using cmp command
maxibuild --include "aide mail nano diffutils"

# ================================================
# Since we know that aide and aideinit has been installed we must put this here:
AIDE_BIN=$(command -v aide)
# Check compatibility
AIDE_BIN_VERSION="$(${AIDE_BIN} --version | head -n1 | awk '{ print $2 }')"
# Any AIDE version tested to be working perfectly, put as array here.
COMPATIBLE_VERSIONS=("0.17.3" "0.17.4" "0.18.3")

FOUND_COMPATIBLE=$(echo "${COMPATIBLE_VERSIONS[@]}" | grep "${AIDE_BIN_VERSION}")

if [ -n "${FOUND_COMPATIBLE}" ]; then
  :
else
  echo "[${SCRIPT_NAME}]: Warning, this script was designed to run on the following AIDE versions:"
  COMPATIBLE_VERSIONS_FORMAT=$(printf ",%s" "${COMPATIBLE_VERSIONS[@]}")
  echo "${COMPATIBLE_VERSIONS_FORMAT:1}"
  echo "[${SCRIPT_NAME}]: Your AIDE version is ${AIDE_BIN_VERSION}"
  echo "[${SCRIPT_NAME}]: It might work 100% but just to be sure to update ${SCRIPT_NAME} script into latest version"
fi

# For debian distribution, if we install aide we will get this aideinit
AIDE_INIT_BIN=$(command -v aideinit)
LOG_PATH="${SCRIPT_PATH}/log"
CONFIG_PATH="${SCRIPT_PATH}/conf"
DB_PATH="${SCRIPT_PATH}/db"
TEMP_PATH="${SCRIPT_PATH}/tmp"

mkdir -p "${LOG_PATH}"
mkdir -p "${CONFIG_PATH}"
mkdir -p "${DB_PATH}"
mkdir -p "${TEMP_PATH}"

AIDE_DEFAULT_CUSTOM_CONF="${CONFIG_PATH}/default_custom_aide.conf"
AIDE_DEFAULT_RULES_PATH="/etc/aide/aide.conf.d"
AIDE_CUSTOM_CONF="${CONFIG_PATH}/custom_aide.conf"
TEMP_CUSTOM_RULES="${CONFIG_PATH}/custom_rules"
# The reason I use 98_ is because 99_ rule is the catchall rule for scanning root / and it will read last.
MAXIAIDE_CUSTOM_RULES="${AIDE_DEFAULT_RULES_PATH}/98_${SCRIPT_NAME}_rules"

AIDE_DEFAULT_CONF="/etc/aide/aide.conf"
AIDE_AUTO_CONF="/var/lib/aide/aide.conf.autogenerated"

AIDE_DB_NEW="/var/lib/aide/aide.db.new"
AIDE_DB="/var/lib/aide/aide.db"

# REPORT FILES
DATE_TIME_NOW="$(date '+%d-%m-%Y_%H-%M-%S')" #31-03-2020_11-56-16
#MONTH_NOW=$(date +%B)
#DATE_NOW="$(date '+%d-%m-%Y')" #31-03-2020
REPORT_FILE="${LOG_PATH}/${SCRIPT_NAME}-${DATE_TIME_NOW}-report.log"

# STATUS VARIABLE
RUN_MODE="N/A"
WARN_STATUS="OK"

RETVAL=1
ACTION="$1"
ARGNUM="$#"

if [ $ARGNUM -eq 0 ]; then
  echo "[${SCRIPT_NAME}]: Error, no argument is supplied. Use [ ${SCRIPT_NAME} --help ] to see the valid options"
  exit 2
fi

while [ "$#" -gt 0 ]; do
  case "$1" in
  # Display help and usage
  -h | --help | help | /? | ?)
    usage
    exit 0
    ;;
    # Display Program version
  -v | -V | --version | version | ver)
    echo "${_APP_INFO}"
    echo ""
    echo "Script version: ${_APP_SPECIFIC_NAME}-${_APP_VERSION_STATUS}"
    echo "AIDE version: ${AIDE_BIN_VERSION}"
    echo "${_AUTHOR}"
    exit 0
    break
    ;;
  -t | --test | test)
    # This is a placeholder for test
    exit 0
    break
    ;;
  init | --init)
    aide_init
    exit 0
    break
    ;;
  update-rule | update-rules | updaterule)
    aide_update_rules
    aide_check_configs
    exit 0
    break
    ;;
  edit-rule | edit-rules | editrule)
    nano -c "${TEMP_CUSTOM_RULES}"
    if cmp --silent -- "${TEMP_CUSTOM_RULES}" "${MAXIAIDE_CUSTOM_RULES}"; then
      :
      # echo "[${SCRIPT_NAME}]: [Skipped] The custom rules are identical to the existing"
    else
      _confirm "[${SCRIPT_NAME}]: The custom rule file has changed. Do you want to update this rule file?" y
      aide_update_rules
      aide_check_configs
    fi

    exit 0
    break
    ;;
  # For self script editing purpose
  edit-self | edit-script | edit-code | update-code | show-script | editself | editscript | editcode | updatecode | showscript | edit)
    nano -c "${SCRIPT_PATH}/${SCRIPT_NAME}"
    exit 0
    break
    ;;
  edit-conf | edit-config | editconf | editconfig)
    nano -c "${AIDE_CUSTOM_CONF}"
    aide_check_configs
    exit 0
    break
    ;;
  latest-log | latest-report | last-report | lastlog | lastreport | latestreport)
    latest_log=$(find "${LOG_PATH}" -type f -printf "%T@ %p\n" | sort -n | cut -d' ' -f 2- | tail -n 1)
    echo "Reading the latest log ..."
    more "${latest_log}"
    exit 0
    break
    ;;
  clean-logs | cleanlog | clearlog | removelog)
    # Remove old logs but leave the latest 1 log
    _confirm "[${SCRIPT_NAME}]: Are you sure you want to remove old logs?" N
    find "${LOG_PATH}" -maxdepth 1 -type f -printf '%T@ %p\0' |
      sort -z -nrt ' ' -k1,1 |
      sed -z -e "1,1d" -e 's/[^ ]* //' |
      xargs -0r rm -f
    get_status_message "$?"
    break
    ;;
  scan | check | compare)
    SHORT_OPTS="j,v,d,a,u,b,e,c:,f:,p:,l:,r:"
    LONG_OPTS="cron,cronjob,verbose,debug,update,db-auto-update,auto-update,db-update,backup,db-auto-backup,auto-backup,db-backup,email,compare:,file:,path:,limit:,regex:,log-level:"
    OPTIONS=$(getopt -o "${SHORT_OPTS}" --long "${LONG_OPTS}" -n "[${SCRIPT_NAME}]" -- "$@")
    RETVAL=$?
    if [ ${RETVAL} != 0 ]; then
      echo "[${SCRIPT_NAME}]: Error, invalid option"
      exit 1
    fi
    eval set -- "${OPTIONS}"
    CRONJOB=false
    VERBOSE=false
    DEBUG=false
    DB_AUTO_UPDATE=false
    DB_AUTO_BACKUP=false
    REPORT_EMAIL="false"
    REGEX_STRING=""
    LOG_LEVEL=""
    while true; do
      case "$1" in
      -j | --cron | --cronjob)
        CRONJOB=true
        shift
        ;;
      -v | --verbose)
        VERBOSE=true

        shift
        ;;
      -d | --debug)
        DEBUG=true
        shift
        ;;
      -a | -u | --update | --db-auto-update | --auto-update | --db-update)
        DB_AUTO_UPDATE=true
        shift
        ;;
      -b | --backup | --db-auto-backup | --auto-backup | --db-backup)
        DB_AUTO_BACKUP=true
        shift
        ;;
      -e | --email)
        REPORT_EMAIL="${ADMIN_EMAIL}"
        shift
        ;;
      -f | -p | -l | -r | --file | --path | --limit | --regex)
        REGEX_STRING="$2"
        shift 2
        ;;
      --log-level)
        LOG_LEVEL="$2"
        shift 2
        ;;
      --)
        shift
        break
        ;;
      -*)
        echo "[${SCRIPT_NAME}]: Error, invalid option e.g: ${SCRIPT_NAME} ${ACTION}"
        exit 1
        ;;
      *)
        break
        ;;
      esac
    done
    aide_scan "$@"
    break
    ;;
  --)
    break
    ;;
  -*)
    echo "[${SCRIPT_NAME}]: Invalid action or option $1. Use --help to see the valid options"
    exit 1
    ;;
  *) ;;
  esac
  echo "[${SCRIPT_NAME}]: Error, invalid action or option [ $1 ]. Use --help to see the valid actions or options"
  exit 1
done