1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
# Please see the file COPYING for the complete copyright notice.
#
# check_cron - 06/14/93
#
# Ideas from Dan Farmer's 'cron.chk' from COPS 1.04.
#
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r "$basedir/config" ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds AWK BASENAME CAT GEN_CRON_FILES LS RM TR SED || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Performing check of \`cron' entries..."
haveallcmds AWK BASENAME LS GEN_CRON_FILES LS SED RM TR || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
realpath="$REALPATH -d"
[ ! -n "$REALPATH" -o ! $TESTEXEC "$REALPATH" ] && realpath=echo
lowner=
{
$GEN_CRON_FILES $WORKDIR/cron.in.$$
#
# Be careful if you muck around in this loop. Since we are reading
# commands from these cron entries, they can have shell meta-characters
# in them. We try to eliminate some of them, but there is no guarantee.
# dls
#
while read owner command
do
com="`echo \"$command\" | $SED -e 's/[0-9]*>//g' | $TR -d '()\;\`&!|'`"
# Can't 'set' this because of shell meta-characters.
cmd="`echo \"$com\" | $AWK '{print $1}'`"
base=`$BASENAME "$cmd"`
case "$base" in
sh|csh|ksh|tcsh|zsh|bash)
[ "$2" != "-c" ] && cmd=$2;;
esac
[ -n "$TigerCheckEmbedded" -a -f "$cmd" -a "$owner" = 'root' ] && {
echo "$cmd root.crontab" >> $TigerCheckEmbedded
}
case "$cmd" in
/*|cd|echo|if|else|then) ;;
*) message WARN cron001w "command = $command" "cron entry for $owner does not use full pathname";;
esac
[ "$owner" != "$lowner" ] && {
curdir=/
[ -n "$GETUSERHOME" ] && curdir=`$GETUSERHOME $owner`
lowner=$owner
}
setcurdir=0
for comp in $com
do
[ $setcurdir -eq 1 ] && {
curdir="$comp"
setcurdir=0
}
case "$comp" in
*/*) {
case "$comp" in
/*) ;;
*) comp="$curdir/$comp";;
esac
[ ! -c "$comp" -a ! -b "$comp" ] && {
lgetpermit "$comp" |
pathmsg cron002 cron003 "$comp" $owner "cron entry for $owner uses" "$command"
}
}
;;
cd) setcurdir=1;;
esac
done
done < $WORKDIR/cron.in.$$
} |
$OUTPUTMETHOD
delete $WORKDIR/cron.in.$$
|
