From: thib
Date: Fri, 9 Sep 2005 21:02:52 +0000 (+0000)
Subject: changes to make the script cleaner and more secure
X-Git-Tag: ver3_0_0^0
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=07c369cd4723f4e6d90d670176f8ed7907964882;p=fcron
changes to make the script cleaner and more secure
---
diff --git a/script/check_system_crontabs b/script/check_system_crontabs
index ef499a3..d523593 100755
--- a/script/check_system_crontabs
+++ b/script/check_system_crontabs
@@ -51,52 +51,60 @@ # 2004/11/12 maasj@dm.org Original version # 2005/02/24 Thibault Godouet Modified to be used with dnotify # + bug fixes and enhancement. +# 2005/04/27 Daniel Himler Security enhancements and cleanups. # CROND_DIR=/etc/cron.d FCRONTAB_PROG=/usr/bin/fcrontab CRONTAB_FILE=/etc/crontab FCRONTAB_FILE=/etc/fcrontab -FCRONTAB_FILE_GEN=/etc/fcrontab-script-gen -FCRONTAB_FILE_TMP=/etc/fcrontab.tmp +if [ -x `type -p mktemp` ]; then + FCRONTAB_FILE_TMP=`mktemp /tmp/fcrontab.XXXXXX` +else + FCRONTAB_FILE_TMP=/tmp/fcrontab.$$ +fi +FCRONTABS_DIR=/var/spool/fcron SLEEP_TIME_BEFORE_REBUILD=30 # Function to build up a system crontab and tell fcron it's changed rebuild_and_notify() { - logger -s -t "[check_system_crontabs]" "Rebuilding the system fcrontab ..." + logger -i -p cron.notice -t "check_system_crontabs" "Rebuilding the system fcrontab..." # put a warning message at the top of the file - echo -e "########################################" > $FCRONTAB_FILE_GEN - echo -e "# WARNING!!! DO NOT EDIT THIS FILE!!! #" >> $FCRONTAB_FILE_GEN - echo -e "########################################" >> $FCRONTAB_FILE_GEN - echo -e "# Do not edit this file! It is automatically generated from" >> $FCRONTAB_FILE_GEN - echo -e "# the $CRONTAB_FILE, the $FCRONTAB_FILE and $CROND_DIR/* files whenever one of" >> $FCRONTAB_FILE_GEN - echo -e "# those files is changed.\n#\n\n" >> $FCRONTAB_FILE_GEN - - # include the standard system crontab file - echo -e "\n\n########################################\n# $CRONTAB_FILE\n########################################\n" >> $FCRONTAB_FILE_GEN - cat $CRONTAB_FILE >> $FCRONTAB_FILE_GEN + echo -e "########################################" > $FCRONTAB_FILE_TMP + echo -e "# WARNING!!! DO NOT EDIT THIS FILE!!! #" >> $FCRONTAB_FILE_TMP + echo -e "########################################" >> $FCRONTAB_FILE_TMP + echo -e "# Do not edit this file! 
It is automatically generated from" >> $FCRONTAB_FILE_TMP + echo -e "# the $CRONTAB_FILE, the $FCRONTAB_FILE and $CROND_DIR/* files whenever one of" >> $FCRONTAB_FILE_TMP + echo -e "# those files is changed.\n#\n\n" >> $FCRONTAB_FILE_TMP + + # include the standard system crontab file if it is not a symbolic link + if [ ! -L $CRONTAB_FILE ]; then + echo -e "\n\n########################################\n# $CRONTAB_FILE\n########################################\n" >> $FCRONTAB_FILE_TMP + cat $CRONTAB_FILE >> $FCRONTAB_FILE_TMP + fi # print a nice filename header for each file in /etc/cron.d/ # and include its contents into the new fcron system crontab for i in $CROND_DIR/* ; do if [ $i != "RCS" ] ; then - echo -e "\n\n########################################\n# $CROND_DIR/$i\n########################################\n" >> $FCRONTAB_FILE_GEN - cat $i >> $FCRONTAB_FILE_GEN + echo -e "\n\n########################################\n# $i\n########################################\n" >> $FCRONTAB_FILE_TMP + cat $i >> $FCRONTAB_FILE_TMP fi done - # include the system fcrontab file - echo -e "\n\n########################################\n# $FCRONTAB_FILE\n########################################\n" >> $FCRONTAB_FILE_GEN - cat $FCRONTAB_FILE >> $FCRONTAB_FILE_GEN + # include the system fcrontab file if it is not a symbolic link + if [ ! 
-L $FCRONTAB_FILE ]; then + echo -e "\n\n########################################\n# $FCRONTAB_FILE\n########################################\n" >> $FCRONTAB_FILE_TMP + cat $FCRONTAB_FILE >> $FCRONTAB_FILE_TMP + fi # Replace "@hourly" style Vixie cron extensions which fcron doesn't parse - cat $FCRONTAB_FILE_GEN | sed -e "s/@yearly/0 0 1 1 */g" -e "s/@annually/0 0 1 1 */g" -e "s/@monthly/0 0 1 * */g" -e "s/@weekly/0 0 * * 0/g" -e "s/@daily/0 0 * * */g" -e "s/@midnight/0 0 * * */g" -e "s/@hourly/0 * * * */g" > $FCRONTAB_FILE_TMP - mv -f $FCRONTAB_FILE_TMP $FCRONTAB_FILE_GEN + sed -i -e "s/@yearly/0 0 1 1 */g" -e "s/@annually/0 0 1 1 */g" -e "s/@monthly/0 0 1 * */g" -e "s/@weekly/0 0 * * 0/g" -e "s/@daily/0 0 * * */g" -e "s/@midnight/0 0 * * */g" -e "s/@hourly/0 * * * */g" $FCRONTAB_FILE_TMP # notify fcron about the updated file - $FCRONTAB_PROG $FCRONTAB_FILE_GEN -u systab + $FCRONTAB_PROG $FCRONTAB_FILE_TMP -u systab } NEED_REBUILD=0 @@ -112,7 +120,7 @@ sleep $SLEEP_TIME_BEFORE_REBUILD # This test works for file creation/deletion (deletion is not detected # by the next test) -if [ $CROND_DIR -nt $FCRONTAB_FILE_GEN ]; then +if [ $CROND_DIR -nt $FCRONTABS_DIR/systab.orig ]; then NEED_REBUILD=1 @@ -121,7 +129,7 @@ else # Test each one and see if it's newer than our timestamp file for i in $CROND_DIR/* ; do if [ $i != "RCS" ]; then - if [ $i -nt $FCRONTAB_FILE_GEN ]; then + if [ $i -nt $FCRONTABS_DIR/systab.orig ]; then NEED_REBUILD=1 @@ -132,7 +140,7 @@ else fi # Test the standard /etc/crontab file and see if it has changed -if [ $NEED_REBUILD -eq 0 -a \( $CRONTAB_FILE -nt $FCRONTAB_FILE_GEN -o $FCRONTAB_FILE -nt $FCRONTAB_FILE_GEN \) ]; then +if [ $NEED_REBUILD -eq 0 -a \( $CRONTAB_FILE -nt $FCRONTABS_DIR/systab.orig -o $FCRONTAB_FILE -nt $FCRONTABS_DIR/systab.orig \) ]; then NEED_REBUILD=1 @@ -143,3 +151,5 @@ if [ $NEED_REBUILD -eq 1 ]; then rebuild_and_notify fi + +rm -f $FCRONTAB_FILE_TMP
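Review bot: The `mktemp` guard at the top of this hunk does not fall back when mktemp is missing: `type -p` then prints nothing, `[ -x ]` with a single argument is true, the `mktemp` call fails, and `FCRONTAB_FILE_TMP` is left empty with nothing checking it. The fallback name `/tmp/fcrontab.$$` is also predictable and sits in a world-writable directory, and the script (presumably run as root, since it installs the systab) later opens it with `>`, which follows a symlink already present at that path; the removed `/etc/fcrontab.tmp` did not have that exposure. I would test for the tool with `command -v`, stop when `mktemp` fails, and keep the no-mktemp case in a root-only directory, as in the block below. Separately, the new `-L` test covers `$CRONTAB_FILE` and `$FCRONTAB_FILE` but not the files read in the `$CROND_DIR/*` loop.

```shell
if command -v mktemp >/dev/null 2>&1; then
    # fail closed: never continue with an empty or unsafe temp path
    FCRONTAB_FILE_TMP=`mktemp /tmp/fcrontab.XXXXXX` || exit 1
else
    # no mktemp: keep the scratch file in a root-only directory
    FCRONTAB_FILE_TMP=/etc/fcrontab.tmp
fi
# … unchanged: FCRONTABS_DIR, SLEEP_TIME_BEFORE_REBUILD, rebuild_and_notify …
```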
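Review bot: The freshness tests in this hunk and in the -121 and -132 hunks now compare against `$FCRONTABS_DIR/systab.orig` with no comment saying what that file is or who writes it. It is presumably the copy fcrontab keeps in its spool directory after an install, so a line such as `# systab.orig is written by fcrontab on install; its mtime marks the last successful rebuild` above the first test would make the dependency explicit. Because `FCRONTABS_DIR=/var/spool/fcron` is hard-coded in the first hunk, a build that uses another spool directory would never find the file, and in bash `-nt` against a missing file is true, so every run would rebuild. The operands are also unquoted in all three tests.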
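Review bot: The `rm -f $FCRONTAB_FILE_TMP` added at the end only runs when the script reaches its last line, but the temporary file is created at the top, before the `sleep $SLEEP_TIME_BEFORE_REBUILD` visible in the -112 hunk. An interrupt during that wait, or any earlier exit outside this diff, would leave the file behind in /tmp. Registering the cleanup right after the file is created, with `trap 'rm -f "$FCRONTAB_FILE_TMP"' EXIT`, covers those paths, and the quoting keeps `rm` from receiving a split or empty argument list.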