Project

General

Profile

Actions
Copy link

Bug #7508

closed

The rudder-agent cron on AIX uses if then, which makes some security test fails

Bug #7508: The rudder-agent cron on AIX uses if then, which makes some security test fails

Added by Nicolas CHARLES about 10 years ago. Updated about 10 years ago.

Status:
Released
Priority:
N/A
Assignee:
Benoît PECCATTE
Category:
System integration
Target version:
2.10.20
Pull Request:
https://github.com/Normation/rudder-t...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Some security tools on AIX checks the content on the cron, and expect only binaries there
However, we are using if and then, which make the tool complain, as they are not binaries

I'm not sure if it is a rudder bug or the tool that is too strict; but I'm tracing it.

Subtasks 1 (0 open1 closed)

Bug #7517: Erroneous use of "\&" in initial promisesReleasedNicolas CHARLESActions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIXReleasedBenoît PECCATTEActions

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #1

What is the cron line that triggers these test failures?

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #2

the only one set on AIX

if [ -x /opt/rudder/bin/check-rudder-agent ]; then /opt/rudder/bin/check-rudder-agent >/dev/null; fi

Updated by Benoît PECCATTE about 10 years ago Actions
Copy link
 #3

Does it test && ?
We can use this line instead
[ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #4

Unfortunately, this does not work

0,5,10,15,20,25,30,35,40,45,50,55 * * * * [ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null
Detailed debug from aixpert:
***** AIX MACHINE : Nov 30 17:09:47 ******

rootcrnjobck.sh: Cronjob [ do not have a binary/script associated with it

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #5

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #6

Jonathan CLARKE wrote:

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

I do agree, but if we really want to keep it, we can use

test -x /opt/rudder/bin/check-rudder-agent && /opt/rudder/bin/check-rudder-agent

as it passes the tests

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #7

  • Target version changed from 3.2.0~beta1 to 2.10.20

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #8

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #9

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/809

Updated by Jonathan CLARKE about 10 years ago Actions
Copy link
 #10

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #12

Actually, using the whole path would even be better !

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #13

  • Related to Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIX added

Updated by Vincent MEMBRÉ about 10 years ago Actions
Copy link
 #14

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.20, 2.11.17, 3.0.12 and 3.1.5 which were released today.

Actions
Copy link

Also available in: PDF Atom