vaultsovereign/vm-cc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5bf3becddb8cbd5988f421d14b63c5d3a42e9a10
vm-cc/40-rules/backup_restore_drill_recent.sh
Vault Sovereign d1980ec714 feat: add collectors and rules
2025-12-27 00:59:13 +00:00

92 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
source "$(dirname "$0")/../scripts/lib/common.sh"
require_cmd jq
EVID_DIR="${1:?usage: backup_restore_drill_recent.sh <evidence_dir>}"
TS="$(iso_utc_now)"
FILE="$EVID_DIR/backup_restore_drill.json"
MAX_DAYS="${VMCC_MAX_RESTORE_DRILL_AGE_DAYS:-7}"
file_mtime_epoch() {
local file="$1"
if stat -c %Y "$file" >/dev/null 2>&1; then
stat -c %Y "$file"
else
stat -f %m "$file"
fi
}
if [[ ! -f "$FILE" ]]; then
json_emit "$(jq -n --arg ts "$TS" '{
version:"1.0.0",
rule_id:"backup.restore_drill_recent",
control_ids:["BC-01"],
passed:false,
severity:"MEDIUM",
timestamp:$ts,
evidence:[{path:"backup_restore_drill.json"}],
details:{error:"missing evidence file"}
}')"
exit 0
fi
COLLECTED="$(jq -r '.collected // false' "$FILE")"
if [[ "$COLLECTED" != "true" ]]; then
json_emit "$(jq -n --arg ts "$TS" '{
version:"1.0.0",
rule_id:"backup.restore_drill_recent",
control_ids:["BC-01"],
passed:false,
severity:"MEDIUM",
timestamp:$ts,
evidence:[{path:"backup_restore_drill.json"}],
details:{error:"no restore drill evidence found"}
}')"
exit 0
fi
PATH_FOUND="$(jq -r '.path // empty' "$FILE")"
if [[ -z "$PATH_FOUND" || ! -f "$PATH_FOUND" ]]; then
json_emit "$(jq -n --arg ts "$TS" --arg p "$PATH_FOUND" '{
version:"1.0.0",
rule_id:"backup.restore_drill_recent",
control_ids:["BC-01"],
passed:false,
severity:"MEDIUM",
timestamp:$ts,
evidence:[{path:"backup_restore_drill.json"}],
details:{error:"referenced drill file missing", referenced:$p}
}')"
exit 0
fi
NOW_EPOCH="$(date -u +%s)"
MTIME_EPOCH="$(file_mtime_epoch "$PATH_FOUND")"
AGE_DAYS="$(( (NOW_EPOCH - MTIME_EPOCH) / 86400 ))"
if [[ "$AGE_DAYS" -le "$MAX_DAYS" ]]; then
json_emit "$(jq -n --arg ts "$TS" --argjson age "$AGE_DAYS" '{
version:"1.0.0",
rule_id:"backup.restore_drill_recent",
control_ids:["BC-01"],
passed:true,
severity:"MEDIUM",
timestamp:$ts,
evidence:[{path:"backup_restore_drill.json"}],
details:{age_days:$age}
}')"
else
json_emit "$(jq -n --arg ts "$TS" --argjson age "$AGE_DAYS" --argjson max "$MAX_DAYS" '{
version:"1.0.0",
rule_id:"backup.restore_drill_recent",
control_ids:["BC-01"],
passed:false,
severity:"MEDIUM",
timestamp:$ts,
evidence:[{path:"backup_restore_drill.json"}],
details:{error:"restore drill too old", age_days:$age, max_days:$max}
}')"
fi
Reference in New Issue View Git Blame Copy Permalink