From 4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sun, 30 Apr 2017 17:59:35 +0200 Subject: [bulk change] cleaning up, code enhancements, initialization of variables, and new tests --- include/tests_scheduling | 77 ++++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 38 deletions(-) (limited to 'include/tests_scheduling') diff --git a/include/tests_scheduling b/include/tests_scheduling index 2e2c1b8b..33f1f8a1 100644 --- a/include/tests_scheduling +++ b/include/tests_scheduling @@ -36,8 +36,9 @@ Register --test-no SCHD-7702 --weight L --network NO --category security --description "Check status of cron daemon" if [ ${SKIPTEST} -eq 0 ]; then FIND=$(${PSBINARY} aux | ${EGREPBINARY} "( cron$|/cron(d)? )") - if [ -z "${FIND}" ]; then + if IsEmpty "${FIND}"; then LogText "Result: no cron daemon found" + AddHP 3 3 else LogText "Result: cron daemon running" CROND_RUNNING=1 
@@ -63,42 +64,42 @@ if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi FindCronJob ${CRONTAB_FILE} - for I in ${sCRONJOBS}; do - LogText "Found cronjob (${CRONTAB_FILE}): ${I}" - Report "cronjob[]=${I}" + for ITEM in ${sCRONJOBS}; do + LogText "Found cronjob (${CRONTAB_FILE}): ${ITEM}" + Report "cronjob[]=${ITEM}" done fi CRON_DIRS="${ROOTDIR}etc/cron.d" - for I in ${CRON_DIRS}; do - LogText "Test: checking directory ${I}" - if [ -d ${I} ]; then - if FileIsReadable ${I}; then - LogText "Result: found directory ${I}" - LogText "Test: searching files in ${I}" - FIND=$(${FINDBINARY} ${I} -type f -print | ${GREPBINARY} -v ".placeholder") - if [ -z "${FIND}" ]; then - LogText "Result: no files found in ${I}" + for DIR in ${CRON_DIRS}; do + LogText "Test: checking directory ${DIR}" + if [ -d ${DIR} ]; then + if FileIsReadable ${DIR}; then + LogText "Result: found directory ${DIR}" + LogText "Test: searching files in ${DIR}" + FIND=$(${FINDBINARY} ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder") + if IsEmpty "${FIND}"; then + LogText "Result: no files found in ${DIR}" else - LogText "Result: found one or more files in ${I}. Analyzing files.." - for J in ${FIND}; do - if IsWorldWritable ${J}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi - if ! IsOwnedByRoot ${J}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi - FindCronJob ${J} - if [ ! 
-z "${sCRONJOBS}" ]; then + LogText "Result: found one or more files in ${DIR}. Analyzing files.." + for FILE in ${FIND}; do + if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi + if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi + FindCronJob ${FILE} + if HasData "${sCRONJOBS}"; then for K in ${sCRONJOBS}; do - LogText "Result: Found cronjob (${J}): ${K}" - Report "cronjob[]=${J}" + LogText "Result: Found cronjob (${FILE}): ${K}" + Report "cronjob[]=${FILE}" done fi done - LogText "Result: done with analyzing files in ${I}" + LogText "Result: done with analyzing files in ${DIR}" fi else - LogText "Result: can not read file or directory ${I}" + LogText "Result: can not read file or directory ${DIR}" fi else - LogText "Result: directory ${I} does not exist" + LogText "Result: directory ${DIR} does not exist" fi done 
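Review bot: The two permission checks inside `for FILE in ${FIND}` still build their messages from `${J}`, which this rename no longer sets, so a world-writable or non-root-owned file under cron.d is logged and reported with an empty file name. Both lines should use the new variable, e.g. `LogText "Result: insecure file permissions for cronjob file ${FILE}"; Report "insecure_fileperms_cronjob[]=${FILE}"`, and likewise `Report "bad_fileowner_cronjob[]=${FILE}"` with its LogText. Separately, `Report "cronjob[]=${FILE}"` records the file path once per job instead of the job `${K}`, while the crontab loop earlier in this hunk reports `${ITEM}`; this may be intended, but it looks carried over from the old `${J}`. The enclosing `if ... fi` around the crontab checks starts outside the hunk.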
@@ -218,11 +219,11 @@ if [ ${SKIPTEST} -eq 0 ]; then AT_UNKNOWN=0 case ${OS} in - FreeBSD) AT_ALLOW="/var/at/at.allow"; AT_DENY="/var/at/at.deny" ;; - HPUX) AT_ALLOW="/usr/lib/cron/at.allow"; AT_DENY="/usr/lib/cron/at.deny" ;; - Linux) AT_ALLOW="/etc/at.allow"; AT_DENY="/etc/at.deny" ;; - OpenBSD) AT_ALLOW="/var/cron/at.allow"; AT_DENY="/var/cron/at.deny" ;; - SunOS) AT_ALLOW="/etc/cron.d/at.allow"; AT_DENY="/etc/cron.d/at.deny" ;; + FreeBSD) AT_ALLOW="${ROOTDIR}var/at/at.allow"; AT_DENY="${ROOTDIR}var/at/at.deny" ;; + HPUX) AT_ALLOW="${ROOTDIR}usr/lib/cron/at.allow"; AT_DENY="${ROOTDIR}usr/lib/cron/at.deny" ;; + Linux) AT_ALLOW="${ROOTDIR}etc/at.allow"; AT_DENY="${ROOTDIR}etc/at.deny" ;; + OpenBSD) AT_ALLOW="${ROOTDIR}var/cron/at.allow"; AT_DENY="${ROOTDIR}var/cron/at.deny" ;; + SunOS) AT_ALLOW="${ROOTDIR}etc/cron.d/at.allow"; AT_DENY="${ROOTDIR}etc/cron.d/at.deny" ;; *) AT_UNKNOWN=1; LogText "Test skipped, files for at unknown" ;; esac if [ ${AT_UNKNOWN} -eq 0 ]; then @@ -232,14 +233,14 @@ if [ ${CANREAD} -eq 1 ]; then LogText "Result: file ${AT_ALLOW} exists, only listed users can schedule at jobs" FIND=$(${SORTBINARY} ${AT_ALLOW}) - if [ -z "${FIND}" ]; then + if IsEmpty "${FIND}"; then LogText "Result: File empty, no users are allowed to schedule at jobs" else - for I in ${FIND}; do - LogText "Allowed at user: ${I}" + for ITEM in ${FIND}; do + LogText "Allowed at user: ${ITEM}" done fi - else + else LogText "Result: can not read ${AT_ALLOW} (no permission)" fi else @@ -253,8 +254,8 @@ if [ -z "${FIND}" ]; then LogText "Result: file is empty, no users are denied access to schedule jobs" else - for I in ${FIND}; do - LogText "Denied at user: ${I}" + for ITEM in ${FIND}; do + LogText "Denied at user: ${ITEM}" done fi else 
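Review bot: The at.deny branch (hunk `@@ -253,8 +254,8 @@`) keeps `if [ -z "${FIND}" ]; then`, while the matching at.allow branch in the previous hunk was converted to `if IsEmpty "${FIND}"; then`; the two branches should use the same helper. In the at.allow hunk, `FIND=$(${SORTBINARY} ${AT_ALLOW})` passes the path unquoted, and because the path is now built from `${ROOTDIR}`, a root prefix containing whitespace would be split into several arguments; `FIND=$(${SORTBINARY} "${AT_ALLOW}")` avoids that. The surrounding `if`/`else` blocks begin and end outside these hunks.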
@@ -281,10 +282,10 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check scheduled at jobs" FIND=$(atq | ${GREPBINARY} -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g') - if [ ! -z "${FIND}" ]; then + if HasData "${FIND}"; then LogText "Result: found one or more jobs" - for I in ${FIND}; do - VALUE=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g') + for ITEM in ${FIND}; do + VALUE=$(echo ${ITEM} | ${SEDBINARY} 's/!space!/ /g') LogText "Found at job: ${VALUE}" done Display --indent 4 --text "- Checking at jobs" --result "${STATUS_FOUND}" --color GREEN -- cgit v1.2.3
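Review bot: `VALUE=$(echo ${ITEM} | ${SEDBINARY} 's/!space!/ /g')` expands `${ITEM}` unquoted, so each queue entry goes through pathname expansion before it is logged; quoting it, `VALUE=$(echo "${ITEM}" | ${SEDBINARY} 's/!space!/ /g')`, keeps the entry literal. On the `FIND=` line, `atq` is called by bare name while grep, awk and sed on the same line go through `${...BINARY}` variables, so which `atq` runs depends on the PATH of the audit process. If the framework resolves binaries up front, as those variables suggest, `atq` should be resolved the same way. The `if [ ${SKIPTEST} -eq 0 ]` block continues past the end of the hunk.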