Bug #7508
closed
The rudder-agent cron on AIX uses if then, which makes some security test fails
Description
Some security tools on AIX checks the content on the cron, and expect only binaries there
However, we are using if and then, which make the tool complain, as they are not binaries
I'm not sure if it is a rudder bug or the tool that is too strict; but I'm tracing it.
Updated by Jonathan CLARKE almost 9 years ago
What is the cron line that triggers these test failures?
Updated by Nicolas CHARLES almost 9 years ago
the only one set on AIX
if [ -x /opt/rudder/bin/check-rudder-agent ]; then /opt/rudder/bin/check-rudder-agent >/dev/null; fi
Updated by Benoît PECCATTE almost 9 years ago
Does it test && ?
We can use this line instead
[ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null
Updated by Nicolas CHARLES almost 9 years ago
Unfortunately, this does not work
0,5,10,15,20,25,30,35,40,45,50,55 * * * * [ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null Detailed debug from aixpert: ***** AIX MACHINE : Nov 30 17:09:47 ****** rootcrnjobck.sh: Cronjob [ do not have a binary/script associated with it
Updated by Jonathan CLARKE almost 9 years ago
Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?
Updated by Nicolas CHARLES almost 9 years ago
Jonathan CLARKE wrote:
Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?
I do agree, but if we really want to keep it, we can use
test -x /opt/rudder/bin/check-rudder-agent && /opt/rudder/bin/check-rudder-agent
as it passes the tests
Updated by Jonathan CLARKE almost 9 years ago
- Target version changed from 3.2.0~beta1 to 2.10.20
Updated by Jonathan CLARKE almost 9 years ago
- Status changed from New to In progress
- Assignee set to Jonathan CLARKE
Updated by Jonathan CLARKE almost 9 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Jonathan CLARKE to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/809
Updated by Jonathan CLARKE almost 9 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder-techniques|e0a3bc381bce3bf418867934b948b17d61219b69.
Updated by Nicolas CHARLES almost 9 years ago
Applied in changeset rudder-techniques|a6e8e3420ff286ef54d18fc4e4947de6fff726d8.
Updated by Nicolas CHARLES almost 9 years ago
Actually, using the whole path would even be better !
Updated by Nicolas CHARLES almost 9 years ago
- Related to Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIX added
Updated by Vincent MEMBRÉ almost 9 years ago
- Status changed from Pending release to Released