I created an AIDE script that able to monitor file changes in my hosting, and when something file has changed, it will send an alert email about the changes. In my opinion, I don't think the script has problem. So let me share with you anyway:
Here is the script in my git repo:
To run this script, I had the cronjob running like this every 20 minutes: */20 * * * * root /usr/local/bin/maxicron/aide/maxiaide cron > /dev/null
The script did a good job giving an alert message but recently I notice that I keep getting the same email from this script which has the same date and time (04-07-2020 5:43am) with the same content. and the attachment is so big like 22MB. Sometimes I get almost a dozen mail at one time.
Screenshot:
When I view the attachment in text editor, I saw the following error in the log file from the script "File database must have one db_spec specification":
So, it means the alert did not complete the script because of an error.
I disable the cronjob for 2 days now and I still get this email. Also, I checked that I have no cronjob that run this script. I checked the mail queue exim -bp
and I found no email queue in exim. Now, the script is not running and yet I still have this alert email. In your opinion, where does this email actually come from? How can I debug where the email came from and I don't think it's coming from the script because the script is not running anymore. This is so weird
all the logs file don't seem to give any clues and because that email time and date is old, the email went straight to the last list not the top list of mailbox.
I use centOS 8, exim, dovecot, roundcube, apache_nginx, and the AIDE version is 0.16