[SOLVED] - Binary content after aide --check to mail

warron.french
Posts: 536
Joined: 2014/03/27 20:21:58

[SOLVED] - Binary content after aide --check to mail

Post by warron.french » 2020/11/11 21:36:00

In my /etc/crontab I have the following:

Code:

05  4  *  *  *  /usr/sbin/aide  --check  | /bin/mail  -s "myhostname - AIDE Integrity Check"  root@localhost

As a result, when I check system messages using the mail command, whether sudo'd up to root or executing the command with sudo, as:

Code:

sudo -u   root  /bin/mail  -f  /var/spool/mail/root

I get the following in the body of the message from the command above:

Code:

[Binary content]

Above that "[Binary content]" there are standard mail messaging details that one might expect from /bin/mail.

I get the same results precisely even if I execute at the shell prompt in this manner:

Code:

/usr/sbin/aide   --check   |  /bin/mail  -s "myhostname - AIDE Integrity Check"  root@localhost

Can anyone suggest what the problem is or where else to look for enhanced details?

I have two servers configured in this manner, the "myhostname" reference is different between them of course.
Last edited by warron.french on 2020/11/16 13:25:59, edited 1 time in total.
Thanks,
War

pjsr2
Posts: 521
Joined: 2014/03/27 20:11:07

Re: Binary content after aide --check to mail

Post by pjsr2 » 2020/11/12 16:36:27

/bin/mail has to guess the mime-type of the message contents. When the message contains anything outside normal text characters, newlines and tabs, /bin/mail will conclude that the contents are binary.

So:

Code:

sudo /usr/sbin/aide  --check  >& some_file

and closely inspect the content of that file.
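
As an added example (not part of the original posts), one way to carry out that inspection is to list the bytes in the captured file that fall outside printable ASCII, tab and newline. The function names and the sample content are constructed for illustration; on a real system, pass some_file from the command above.

```shell
#!/bin/sh
# Treats printable ASCII (0x20-0x7e), tab and newline as text, matching
# the description in the post above; every other byte is reported.

# Count the bytes that fall outside that set.
count_nontext_bytes() {
    LC_ALL=C tr -d '\11\12\40-\176' < "$1" | wc -c | tr -d ' '
}

# Hex dump of exactly those bytes, in file order.
nontext_bytes_hex() {
    LC_ALL=C tr -d '\11\12\40-\176' < "$1" | od -An -tx1 | tr -d ' \n'
}

# Comma-separated numbers of the lines that contain such a byte.
nontext_lines() {
    LC_ALL=C awk '/[^\t -~]/ { printf "%s%d", sep, NR; sep = "," }
                  END { print "" }' "$1"
}

# Constructed sample standing in for some_file: line 2 holds a UTF-8
# encoded character in a file name, line 4 holds terminal escape bytes.
make_sample() {
    f=$(mktemp) || return 1
    printf 'AIDE found differences\n' > "$f"
    printf 'changed: /srv/docs/caf\303\251.txt\n' >> "$f"
    printf 'changed: /etc/hosts\n' >> "$f"
    printf '\033[1mSummary\033[0m\n' >> "$f"
    echo "$f"
}

sample=$(make_sample)
echo "non-text bytes: $(count_nontext_bytes "$sample")"
echo "byte values:    $(nontext_bytes_hex "$sample")"
echo "on lines:       $(nontext_lines "$sample")"
rm -f "$sample"
```

A count of 0 means the file contains only the characters described above as normal text.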

KernelOops
Posts: 384
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Binary content after aide --check to mail

Post by KernelOops » 2020/11/12 17:45:48

I think you are doing it all wrong. Cron jobs automatically send emails, if there is an output from the command. If the command ends without any output, then cron expects that everything completed successfully.

So all you need to do is run aide:

Code:

05  4  *  *  *  /usr/sbin/aide  --check
--
I love my computer - all my friends live there.
--

Thraex
Posts: 45
Joined: 2019/05/14 19:50:28

Re: Binary content after aide --check to mail

Post by Thraex » 2020/11/12 20:24:37

I use almost the exact same line (yay STIGs) in my systems and I get the aide --check results in root's mail. My crontab has:

00 2 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost

KernelOops
Posts: 384
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Binary content after aide --check to mail

Post by KernelOops » 2020/11/12 20:58:52

There is no real reason to pipe the output to /bin/mail when cron does that better: it captures all kinds of output and sends it all by email, and it also adheres to /etc/aliases, so those emails may be redirected elsewhere.

The whole idea of cron jobs is to print something when there is something to report but print absolutely nothing when everything is ok. That way, you may run all kinds of commands as cron jobs, without bothering to pipe and process the output (like sending it as an email); it's cron's job to do that.

Here is my command:

Code:

@hourly		/usr/sbin/aide --check

For example, let's say that we want to find all PHP error files and report them via email:

Code:

@daily		find /var/www/html -iname error_log

The find command will only report something if a matching file is found, otherwise it will cleanly exit. Thus, when a file is found, an email will be sent, since that is taken care of by cron. No need to pipe or process the output.
--
I love my computer - all my friends live there.
--

warron.french
Posts: 536
Joined: 2014/03/27 20:21:58

Re: Binary content after aide --check to mail

Post by warron.french » 2020/11/12 21:11:39

@KernelOops,

I tried stripping off the pipe and the rest of the syntax, the problem went away:

Code:

07 16  *  *  *  /usr/sbin/aide --check

What I don't understand is why that same broken syntax on my other server functions perfectly anyway.

It does not make sense at all.
Thanks,
War

warron.french
Posts: 536
Joined: 2014/03/27 20:21:58

Re: Binary content after aide --check to mail

Post by warron.french » 2020/11/12 21:12:52

Thraex wrote:
2020/11/12 20:24:37
I use almost the exact same line (yay STIGs) in my systems and I get the aide --check results in root's mail. My crontab has:

00 2 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost

I do too, on my other server. I get the results in my root account's mail, just like you described. Yay STIGS! ;-)
Thanks,
War

warron.french
Posts: 536
Joined: 2014/03/27 20:21:58

Re: Binary content after aide --check to mail

Post by warron.french » 2020/11/12 21:14:34

pjsr2 wrote:
2020/11/12 16:36:27
/bin/mail has to guess the mime-type of the message contents. When the message contains anything outside normal text characters, newlines and tabs, /bin/mail will conclude that the contents are binary.

So:

Code:

sudo /usr/sbin/aide  --check  >& some_file

and closely inspect the content of that file.

Are you referring to characters that are not "American" characters?

I don't remember which LOCALE it is, perhaps iso-8859-1?
Thanks,
War

pjsr2
Posts: 521
Joined: 2014/03/27 20:11:07

Re: Binary content after aide --check to mail

Post by pjsr2 » 2020/11/12 21:41:48

The mail man page is a bit unclear at this point. Since the mail protocol dates from the early eighties, it could very well be printable ASCII only. Anything else would need a MIME content indicator and suitable encoding.

warron.french
Posts: 536
Joined: 2014/03/27 20:21:58

Re: Binary content after aide --check to mail

Post by warron.french » 2020/11/16 13:25:42

For me, changing this syntax:

Code:

05  4  *  *  *  /usr/sbin/aide  --check  | /bin/mail  -s "myhostname - AIDE Integrity Check"  root@localhost

to this syntax:

Code:

05 4  *  *  *  /usr/sbin/aide   --check

solved the problem.

Marking this as [SOLVED].
Thanks,
War
