Project

General

Profile

Actions

Bug #7508

closed

The rudder-agent cron on AIX uses if then, which makes some security test fails

Added by Nicolas CHARLES over 6 years ago. Updated over 6 years ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:

Description

Some security tools on AIX checks the content on the cron, and expect only binaries there
However, we are using if and then, which make the tool complain, as they are not binaries

I'm not sure if it is a rudder bug or the tool that is too strict; but I'm tracing it.


Subtasks 1 (0 open1 closed)

Bug #7517: Erroneous use of "\&" in initial promisesReleasedNicolas CHARLES2015-11-30Actions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIXReleasedBenoît PECCATTE2015-12-01Actions
Actions #1

Updated by Jonathan CLARKE over 6 years ago

What is the cron line that triggers these test failures?

Actions #2

Updated by Nicolas CHARLES over 6 years ago

the only one set on AIX

if [ -x /opt/rudder/bin/check-rudder-agent ]; then /opt/rudder/bin/check-rudder-agent >/dev/null; fi

Actions #3

Updated by Benoît PECCATTE over 6 years ago

Does it test && ?
We can use this line instead
[ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null

Actions #4

Updated by Nicolas CHARLES over 6 years ago

Unfortunately, this does not work

0,5,10,15,20,25,30,35,40,45,50,55 * * * * [ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null
Detailed debug from aixpert:
***** AIX MACHINE : Nov 30 17:09:47 ******

rootcrnjobck.sh: Cronjob [ do not have a binary/script associated with it

Actions #5

Updated by Jonathan CLARKE over 6 years ago

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

Actions #6

Updated by Nicolas CHARLES over 6 years ago

Jonathan CLARKE wrote:

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

I do agree, but if we really want to keep it, we can use

test -x /opt/rudder/bin/check-rudder-agent && /opt/rudder/bin/check-rudder-agent  

as it passes the tests
Actions #7

Updated by Jonathan CLARKE over 6 years ago

  • Target version changed from 3.2.0~beta1 to 2.10.20
Actions #8

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
Actions #9

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/809
Actions #10

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #12

Updated by Nicolas CHARLES over 6 years ago

Actually, using the whole path would even be better !

Actions #13

Updated by Nicolas CHARLES over 6 years ago

  • Related to Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIX added
Actions #14

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.20, 2.11.17, 3.0.12 and 3.1.5 which were released today.

Actions

Also available in: Atom PDF