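#!/bin/bash
########################################################
#
# Negative tests for cron/crontab privilege separation.
#
# Usage:
#   as an unprivileged user:  <script>
#   as root:                  <script> <user>   (re-runs itself as <user> via su)
#
# What is checked:
#   1. an unprivileged user must not be able to install a crontab for root
#   2. (disabled) illegal crontab lines
#   3. jobs started by cron for the user, and their output redirections
#
# Exit status: 0 when every check printed PASS, 1 otherwise.
#
# NOTE(review): this script replaces and then removes the crontab of the
# user it runs as (the save step in section 2 is commented out, so the
# restore step at the end never runs). Run it under a dedicated test
# account, not an account whose crontab matters.
#
# CHANGE ACTIVITY
#
#    10/01/04  Kris Wilson     RHEL4 only allows super user
#                              to use crontab.
#    12/03/04  Marty Ridgeway  Pull RHEL4 tests out from script
########################################################

iam=$(whoami)

if [ "$iam" = "root" ]; then
	if [ $# -lt 1 ] ; then
		echo Either do not run this script as root or start it like
		echo " $0 <user>"
		exit 1
	fi

	# Re-running as a uid-0 account would take this same branch again and
	# recurse through su without end; the tests only make sense for an
	# unprivileged user anyway.
	target_uid=$(id -u "$1" 2>/dev/null)
	if [ "$target_uid" = "0" ]; then
		echo "$0: <user> must be an unprivileged account, not $1" >&2
		exit 1
	fi

	# The arguments are joined into one command string and parsed again by
	# the target user's shell, so pass a plain user name only.
	su "$1" -c "$0 $*"
	exit $?
fi

#
# 1. Try to slip a cron job into root's crontab
#
# Expected result: crontab refuses. If it succeeds, root's crontab has been
# overwritten with the harmless entry below and is not restored by this
# script.
#

finalrc=0


crontab -u root - << EOF
0 * * * * true
EOF

rc=$?

if [ "$rc" = "0" ]; then
	echo root has now an interesting cron job
	echo "crontab has a severe security breach (FAIL)"
	echo
	finalrc=1
else
	echo "Editing a crontab of another user failed successfully (PASS)"
	echo
fi


#
# 2. write some illegal crontabs
#
# Disabled. Because the save step below is commented out as well,
# savedcrontab is never set and the "Restore crontab" step at the end of
# the script is never taken.
#

# Save crontab

#crontab -l > /dev/null 2> /dev/null
#if [ $? = "0" ]; then
#	echo Saving current crontab...
#	echo
#	crontab -l > /tmp/save-crontab-`whoami`
#	savedcrontab=1
#	crontab -r
#fi

#for line in `cat cron_illegal_cron_lines | grep '^[^#]' | sed -e 's/[ \t][ \t]*/_/g'` ; do
#	line=`echo $line | sed -e 's/_/ /g'`
 #	echo Line: "$line"
#	cronconf=`echo "$line" | cut -f 1 -d '|'`
#	desc=`echo "$line" | cut -f 2 -d '|'`

#	echo "Test: $desc"
#	echo "$cronconf true" | crontab -
 #	echo "$cronconf"
#	if [ $? = "0" ]; then
#		echo 'Test FAILED (or crontab returned wrong exit code)'
#		echo 'crontab -l:'
#		crontab -l
#		finalrc=1
#	fi
#	echo
#done


# Test whether cron uses setuid correctly

echo
echo setuid test
echo

tmpscript=cron_neg01_test

# The job script and its output live under fixed names in /tmp. Remove
# leftovers of an earlier run first: a stale .out file would distort both
# checks below (the "res:0" line count and the existence test).
rm -f -- "/tmp/$tmpscript" "/tmp/$tmpscript.out" >/dev/null 2>&1

# /tmp is shared and the name is predictable, so create the job script with
# noclobber: the redirection then fails instead of writing into a file or
# symlink that somebody else placed there. The .out file is created later by
# the cron job itself and does not get this protection.
#
# NOTE(review): the here-document delimiter is unquoted, so $? is expanded
# while the file is written, not when cron runs it. The generated script
# therefore prints the status of the command that precedes this cat (0 for
# "set -o noclobber"; the original had an "rm -rf" in that position, which
# also gives 0). The part-1 check below counts "res:0" lines and depends on
# this; confirm the intent before quoting the delimiter.
set -o noclobber
cat > "/tmp/$tmpscript" << EOF
touch /root/halloichwarhier
sleep 1
cat /root/halloichwarhier ; echo "res:$?"
rm /root/halloichwarhier
EOF
created=$?
set +o noclobber

if [ "$created" != "0" ]; then
	echo "$0: cannot create /tmp/$tmpscript, refusing to continue" >&2
	exit 1
fi

chmod 755 "/tmp/$tmpscript"

# Schedule the job two minutes from now, once with its output appended to a
# file in /tmp and once with its output appended to a file in /.
# This replaces the current user's crontab.
cronline=$(date '+%M' | awk '{print ($1+2)%60 " * * * * "}')
(echo "$cronline /tmp/$tmpscript >> /tmp/$tmpscript.out 2>> /tmp/$tmpscript.out" ; \
 echo "$cronline /tmp/$tmpscript >> /$tmpscript.out 2>> /$tmpscript.out") \
 | crontab -

# minute+2 is at most 120 seconds away, so 130 seconds covers the job start
# plus the "sleep 1" inside the job.
echo "sleeping 130 secs..."
sleep 130

echo
echo "Results:"
# Part 1: PASS only when the /tmp output file holds exactly one "res:0" line.
if [ "1" = "$(grep -c "res:0" "/tmp/$tmpscript.out")" ]; then
	echo "setuid test part 1 successfully failed (PASS)"
else
	echo "cron executed scripts have root privileges! (FAIL)"
	finalrc=1
fi

# Part 2: PASS when the output file in /tmp exists.
CODE=0
test -e "/tmp/$tmpscript.out" && CODE=1
if [ "$CODE" = "1" ]; then
	echo "setuid test part 2 successfully failed (PASS)"
else
	echo "cron writes script output with root privileges! (FAIL)"
	finalrc=1
fi
echo

# Remove the job script and its output, then drop the test crontab.
rm -f -- "/tmp/$tmpscript"* >/dev/null 2>&1
crontab -r

# Restore crontab
# (only when a crontab was saved; see the note in section 2)

if [ "${savedcrontab:-}" = "1" ]; then
	echo "Restoring crontab..."
	grep '^[^#]' "/tmp/save-crontab-$iam" | crontab -
	# rm -r /tmp/save-crontab-`whoami`
fi

exit "$finalrc"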