Bug #7508: The rudder-agent cron on AIX uses if then, which makes some security test fails - Rudder - Issue Tracker

Custom queries

8.1 beta
Bugs triage
CS - by priority
CS - to review
My TR
Need technical review
Open bugs (all)
Open bugs (UI - UX)
Open UX defects (all)
Opened by users

Actions

Copy link

Bug #7508

closed

The rudder-agent cron on AIX uses if then, which makes some security test fails

Added by Nicolas CHARLES almost 9 years ago. Updated almost 9 years ago.

Status:

Released

Priority:

N/A

Assignee:

Benoît PECCATTE

Category:

System integration

Target version:

2.10.20

Pull Request:

https://github.com/Normation/rudder-t...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

Some security tools on AIX checks the content on the cron, and expect only binaries there
However, we are using if and then, which make the tool complain, as they are not binaries

I'm not sure if it is a rudder bug or the tool that is too strict; but I'm tracing it.

Subtasks 1 (0 open — 1 closed)

Bug #7517: Erroneous use of "\&" in initial promises

Released

Nicolas CHARLES

2015-11-30

Actions

Related issues 1 (0 open — 1 closed)

Related to Rudder - Bug #7525: Use whole path to binaries in cron from check-rudder-agent on AIX

Released

Benoît PECCATTE

2015-12-01

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jonathan CLARKE almost 9 years ago

What is the cron line that triggers these test failures?

Actions

Copy link

Updated by Nicolas CHARLES almost 9 years ago

the only one set on AIX

if [ -x /opt/rudder/bin/check-rudder-agent ]; then /opt/rudder/bin/check-rudder-agent >/dev/null; fi

Actions

Copy link

Updated by Benoît PECCATTE almost 9 years ago

Does it test && ?
We can use this line instead
[ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null

Actions

Copy link

Updated by Nicolas CHARLES almost 9 years ago

Unfortunately, this does not work

0,5,10,15,20,25,30,35,40,45,50,55 * * * * [ -x /opt/rudder/bin/check-rudder-agent ] && /opt/rudder/bin/check-rudder-agent >/dev/null
Detailed debug from aixpert:
***** AIX MACHINE : Nov 30 17:09:47 ******

rootcrnjobck.sh: Cronjob [ do not have a binary/script associated with it

Actions

Copy link

Updated by Jonathan CLARKE almost 9 years ago

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

Actions

Copy link

Updated by Nicolas CHARLES almost 9 years ago

Jonathan CLARKE wrote:

Well, the whole test if the file exists is a bit superfluous. We could just run the script, no?

I do agree, but if we really want to keep it, we can use

test -x /opt/rudder/bin/check-rudder-agent && /opt/rudder/bin/check-rudder-agent

as it passes the tests

Actions

Copy link

Updated by Jonathan CLARKE almost 9 years ago

Target version changed from 3.2.0~beta1 to 2.10.20

Actions

Copy link

Updated by Jonathan CLARKE almost 9 years ago

Status changed from New to In progress
Assignee set to Jonathan CLARKE

Actions

Copy link

Updated by Jonathan CLARKE almost 9 years ago

Status changed from In progress to Pending technical review
Assignee changed from Jonathan CLARKE to Benoît PECCATTE
Pull Request set to https://github.com/Normation/rudder-techniques/pull/809

PR https://github.com/Normation/rudder-techniques/pull/809

Actions

Copy link

#10