author | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-13 13:59:05 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-13 13:59:05 +0300 |
commit | 320a397772aafbd4310bf7544d3ca2b68b403086 (patch) | |
tree | 4c2f0d40775d2309a03e47374e4d23ba3068233a /include/tests_time | |
parent | 7d17bfbbd707e7955a2b2e43047302dd5737dc12 (diff) |
[TIME-3104] Test permissions before opening files
Diffstat (limited to 'include/tests_time')
-rw-r--r-- | include/tests_time | 59 |
1 files changed, 31 insertions, 28 deletions
diff --git a/include/tests_time b/include/tests_time index 78be08b9..c8540dda 100644 --- a/include/tests_time +++ b/include/tests_time @@ -83,7 +83,7 @@ # Check running processes FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "grep") - if [ ! "${FIND}" = "" ]; then + if [ ! -z "${FIND}" ]; then FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1 NTP_DAEMON="ntpd" LogText "Result: found running NTP daemon in process list" @@ -100,7 +100,7 @@ # Check timedate daemon (systemd) if [ ! -z "${TIMEDATECTL}" ]; then FIND=$(${TIMEDATECTL} status | ${GREPBINARY} "NTP synchronized: yes") - if [ ! "${FIND}" = "" ]; then + if [ ! -z "${FIND}" ]; then # Check for systemd-timesyncd if [ -f /etc/systemd/timesyncd.conf ]; then FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd" @@ -119,7 +119,7 @@ if [ -f ${I} ]; then LogText "Test: checking for ntpdate or rdate in crontab file ${I}" FIND=$(${EGREPBINARY} "ntpdate|rdate" ${I} | ${GREPBINARY} -v '^#') - if [ ! "${FIND}" = "" ]; then + if [ ! -z "${FIND}" ]; then FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1 Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN LogText "Result: found ntpdate or rdate reference in crontab file ${I}" 
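Review bot: The crontab scan in the third hunk on this line (`@@ -119,7 +119,7 @@`) still runs `${EGREPBINARY} "ntpdate|rdate" ${I}` after only an `-f` test, so a crontab file the scanning user cannot read gives an empty `FIND` and is handled exactly like a file with no ntpdate or rdate entry. The readability guard this commit adds for cron directories would fit here as well: wrap the grep in `if FileIsReadable ${I}; then` and log `LogText "Result: could not read ${I} due to permissions"` in the else branch, so an unprivileged run does not quietly under-report. The `if [ -f ${I} ]` block opens inside this hunk and closes outside it, so the exact nesting has to be checked against the full file.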
@@ -139,18 +139,22 @@ # Check cron jobs for I in ${CRON_DIRS}; do if [ -d ${I} ]; then - FIND=$(${LSBINARY} ${I} | ${GREPBINARY} -v FIFO) - if [ ! "${FIND}" = "" ]; then - for J in ${FIND}; do - LogText "Test: checking for ntpdate or rdate in ${I}/${J}" - FIND2=$(${EGREPBINARY} "rdate|ntpdate" ${I}/${J} | ${GREPBINARY} -v "^#") - if [ ! "${FIND2}" = "" ]; then - LogText "Positive match found: ${FIND2}" - FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1 - fi - done + if FileIsReadable ${I}; then + FIND=$(${LSBINARY} ${I} | ${GREPBINARY} -v FIFO) + if [ ! -z "${FIND}" ]; then + for J in ${FIND}; do + LogText "Test: checking for ntpdate or rdate in ${I}/${J}" + FIND2=$(${EGREPBINARY} "rdate|ntpdate" ${I}/${J} | ${GREPBINARY} -v "^#") + if [ ! -z "${FIND2}" ]; then + LogText "Positive match found: ${FIND2}" + FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1 + fi + done + else + LogText "Result: ${I} is empty, skipping search in directory" + fi else - LogText "Result: ${I} is empty, skipping search in directory" + LogText "Result: could not search in directory due to permissions" fi fi done @@ -159,7 +163,6 @@ Display --indent 2 --text "- Checking NTP client in cron files" --result "${STATUS_FOUND}" --color GREEN LogText "Result: found ntpdate or rdate in cron directory" else - #Display --indent 2 --text "- Checking NTP client in cron.d files" --result "${STATUS_NOT_FOUND}" --color WHITE LogText "Result: no ntpdate or rdate found in cron directories" fi @@ -178,7 +181,7 @@ if [ -f /etc/rc.conf ]; then LogText "Test: Checking if ntpdate is enabled at startup in *BSD" FIND=$(${GREPBINARY} 'ntpdate_enable="YES"' /etc/rc.conf) - if [ ! "${FIND}" = "" ]; then + if [ ! -z "${FIND}" ]; then LogText "Result: ntpdate is enabled in rc.conf" FOUND=1 NTP_CONFIG_TYPE_STARTUP=1 
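Review bot: In the `@@ -139,18 +139,22 @@` hunk the new `FileIsReadable ${I}` guard covers only the directory listing; each `${I}/${J}` is still handed to `${EGREPBINARY}` without a readability test, so an unreadable file inside a readable cron directory yields an empty `FIND2` and counts as "no match". For an audit check that is a false negative the log cannot tell apart from a clean result. I would guard the per-file grep the same way (assuming FileIsReadable accepts regular files as well as directories; its definition is not part of this diff), quote `"${I}/${J}"`, and name the directory in the new permissions message so the skipped path can be traced from the log.

```shell
# … unchanged: FileIsReadable ${I} guard and the ls listing into FIND …
for J in ${FIND}; do
    if FileIsReadable "${I}/${J}"; then
        LogText "Test: checking for ntpdate or rdate in ${I}/${J}"
        FIND2=$(${EGREPBINARY} "rdate|ntpdate" "${I}/${J}" | ${GREPBINARY} -v "^#")
        # … unchanged: FIND2 match handling …
    else
        LogText "Result: could not read ${I}/${J} due to permissions"
    fi
done
# … unchanged: empty-directory branch …
LogText "Result: could not search in directory ${I} due to permissions"
```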
@@ -211,7 +214,7 @@ # # Test : TIME-3106 # Description : Check status of systemd time synchronization - if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! "${TIMEDATECTL}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! -z "${TIMEDATECTL}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check systemd NTP time synchronization status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check the status of time synchronization via timedatectl" @@ -226,7 +229,7 @@ # # Test : TIME-3112 # Description : Check for valid associations from ntpq peers list - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3112 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check active NTP associations ID's" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking for NTP association ID's from ntpq peers list" 
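Review bot: The rewritten prerequisite test `[ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! -z "${TIMEDATECTL}" ]` keeps the `-a` operator and the unquoted left operand; POSIX marks `-a` as obsolescent and leaves `test` with more than four arguments unspecified, and an empty `${SYSTEMD_NTP_ENABLED}` turns the expression into an error that falls through to `PREQS_MET="NO"`, so the check is skipped without a log entry. Splitting it gives a well-defined parse and reads more directly: `if [ "${SYSTEMD_NTP_ENABLED}" -eq 1 ] && [ -n "${TIMEDATECTL}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi`. The same form applies to the TIME-3112, TIME-3116, TIME-3120, TIME-3128, TIME-3132, TIME-3136 and TIME-3160 prerequisite lines changed in this and the later hunks. Whether these variables are always initialised is decided outside the hunks shown.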
@@ -244,13 +247,13 @@ # # Test : TIME-3116 # Description : Check for stratum 16 peers - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3116 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check peers with stratum value of 16" if [ ${SKIPTEST} -eq 0 ]; then N=0 LogText "Test: Checking stratum 16 sources from ntpq peers list" FIND=$(${NTPQBINARY} -p -n | ${AWKBINARY} '{ if ($2!=".POOL." && $3=="16") { print $1 }}') - if [ "${FIND}" = "" ]; then + if [ -z "${FIND}" ]; then Display --indent 2 --text "- Checking high stratum ntp peers" --result "${STATUS_OK}" --color GREEN LogText "Result: All peers are lower than stratum 16" else 
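Review bot: `if [ -z "${FIND}" ]` treats every empty result as "All peers are lower than stratum 16", but `FIND` is also empty when `${NTPQBINARY} -p -n` itself fails or returns no peers at all, so a daemon that cannot be queried is displayed as `${STATUS_OK}`. Capturing the ntpq output first and reporting a separate result when it is empty, for example `LogText "Result: could not retrieve peers list from ntpq"`, would keep this audit test from failing open. The TIME-3120 test in the next hunk has the same shape with "No unreliable peers found". The else branch of this test continues past the end of the hunk.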
@@ -282,15 +285,15 @@ # Description : Check unreliable peers from peer list # Notes : Items with # are too far away (network distance) # Items with - are not chosen due clustering algorithm - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking unreliable ntp peers" FIND=$(${NTPQBINARY} -p -n | ${EGREPBINARY} "^(-|#)" | ${AWKBINARY} '{ print $1 }' | ${SEDBINARY} 's/^-//g') - if [ "${FIND}" = "" ]; then + if [ -z "${FIND}" ]; then Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_NONE}" --color GREEN LogText "Result: No unreliable peers found" - else + else Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_FOUND}" --color YELLOW LogText "Result: Found one or more unreliable peers (marked with a minus or dash sign)" for I in ${FIND}; do @@ -327,7 +330,7 @@ # # Test : TIME-3128 # Description : Check time source candidates - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3128 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check preferred time source" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking preferred time source" 
@@ -350,7 +353,7 @@ # # Test : TIME-3132 # Description : Check ntpq falsetickers - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP falsetickers" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking preferred time source" @@ -374,7 +377,7 @@ # # Test : TIME-3136 # Description : Check ntpq reported ntp version (Linux) - if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3136 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP protocol version" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking NTP protocol version (ntpq -c ntpversion)" @@ -395,7 +398,7 @@ # Test : TIME-3146 # Description : Check /etc/default/ntpdate (Linux) # Notes : ntpdate-debian binary - #if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + #if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #Register --test-no TIME-3146 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/default/ntpdate" #if [ ${SKIPTEST} -eq 0 ]; then # 
@@ -416,7 +419,7 @@ # Test : TIME-3160 # Description : Check empty NTP step-tickers # Notes : Mostly applies to Red Hat and clones - if [ "${NTPD_RUNNING}" -eq 1 -a ! "${NTPQBINARY}" = "" -a ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ "${NTPD_RUNNING}" -eq 1 -a ! -z "${NTPQBINARY}" -a ! -z "${CHKCONFIGBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check empty NTP step-tickers" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 |