RSA Product Set: SecurID

RSA Product/Service Type: Authentication Manager

RSA Version/Condition: 8.7 or later

Platform: SUSE Linux Enterprise

O/S Version: SUSE Linux 12 SP5, 15 SP3 or later

Product Description: RSA SecurID Appliance

Administrators require to perform housekeeping tasks manually to maintain healthy disk usage in RSA Authentication Manager. There is no automated process to keep the disk usage under control.

This article is to set up a cron job that moves files older than 60 days to a remote location daily.

Step 1: Write the Script
a. Create a shell script to find and move the log files as below, or download the move_old_files.sh file attached to this article. To download the file, you must log in RSA Community Site. If it's blocked by the client side policy, please find the file content below:

#!/bin/bash
LOGFILE=/tmp/AMlogtransfer_`date "+%Y%m%d%H%M"`.log
if [ ! -f $LOGFILE ]; then
      touch $LOGFILE
chmod 777 $LOGFILE
chown rsaadmin:rsaadmin $LOGFILE
fi
echo -e "\n Transfer Program for AM log files older than 60 days" >> $LOGFILE

# Local directory to search
SOURCE_DIR="/opt/rsa/am/server/logs/"
echo -e "\n - source folder is $SOURCE_DIR"

# Remote destination (format: user@host:/remote/path)
REMOTE_DEST="user@remotehost:/path/to/remote/dir"
echo -e "\n - remote destination is $REMOTE_DEST"

# Temporary directory for staging files before transfer
TMP_DIR="/tmp/files_to_move"

# Check if the temporary directory exists, if not then create it
if [ ! -d "$TMP_DIR" ]; then
        # Create temp directory
        echo -e "\n - creating temporary folder called $TMP_DIR" >> $LOGFILE
        mkdir -p "$TMP_DIR"
fi

# Check if the log directory exists, and create it if not
LOGFILE=/tmp/AMlogtransfer_`date "+%Y%m%d%H%M"`.log
if [ ! -f $LOGFILE ]; then
      touch $LOGFILE
chmod 777 $LOGFILE
chown rsaadmin:rsaadmin $LOGFILE
fi
echo -e "\n Transfer Program for AM log files older than 60 days" >> $LOGFILE

# Find files older than 60 days and move them to temp
echo -e "\n - finding log files older than 60 days in $SOURCE_DIR and moving them to $TMP_DIR"
find "$SOURCE_DIR" -type f -mtime +60 -exec mv {} "$TMP_DIR" \;
COUNT=`ls -l "$TMP_DIR" | wc -l`
FILECOUNT=$((COUNT-1))
echo -e "\n - finished moving $FILECOUNT files old then 60 days to $TMP_DIR" >> $LOGFILE

# Transfer to remote using rsync
echo -e "\n - transferring files from $TMP_DIR to $REMOTE_DEST\n" >> $LOGFILE
rsync -avz "$TMP_DIR/" "$REMOTE_DEST"

# Clean up if rsync was successful
if [ $? = 0 ]; then
        echo -e "\n - finished transferring the files without error" >> $LOGFILE
        echo -e "\n - removing the temporary directory called $TMP_DIR" >> $LOGFILE
        rm -rf "$TMP_DIR"
else
        echo -e "\n - there was an error transferring the files. Moving the files older than 60 days back to $SOURCE_DIR" >> $LOGFILE
        mv "$TMP_DIR"/* $SOURCE_DIR
fi
echo -e "\n - end of program\n"

b. Save the file to the appliance using secure FTP client such as WinSCP. For example, copy to the location  /home/rsaadmin/scripts/move_old_files.sh

c. Update with correct details in REMOTE_DEST="user@remotehost:/path/to/remote/dir"

To update the file, type:

vi /home/rsaadmin/scripts/move_old_files.sh

To save the change, type:

:wq!

d. Make it executable at the command line:
chmod +x /home/rsaadmin/scripts/move_old_files.sh

Step 2: Set Up the Cron Job
Edit your crontab:
crontab -e
Add the following line to run the script daily at, say, 2:00 AM:
0 2 * * * /home/rsaadmin/scripts/move_old_files.sh

Step 3: Store SSH Keys to store in the remote server

Use SSH Keys for Passwordless Access Generate SSH keys and copy the public key to the remote server to avoid needing to enter a password:
ssh-keygen -t rsa
ssh-copy-id user@remotehost.com

Notes:

• Ensure the script has proper permissions and logging if needed.

• Test the script manually first before relying on a cron job.

Important: Customers may use this script; however, they should understand that it is a custom script and they do so at their own risk. Future software updates may override changes made by this script.