#!/bin/bash -p
# EMBA - EMBEDDED LINUX ANALYZER
#
# Copyright 2020-2023 Siemens AG
# Copyright 2020-2024 Siemens Energy AG
#
# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
# EMBA is licensed under GPLv3
# SPDX-License-Identifier: GPL-3.0-only
#
# Author(s): Michael Messner, Pascal Eckmann
# Description: Examines all files for cronjob configuration, e.g. cron or crontab,
# and lists their jobs and other potentially interesting details.
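#######################################
# Report cron and anacron configuration found in the firmware under analysis.
#
# Scheduled jobs matter for a firmware review because whatever cron or anacron
# runs is executed without user interaction, and a job file that is writable
# by everyone lets any local account change what gets executed.
#
# The individual checks are based on source code from LinEnum:
# https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
#
# Globals:   FIRMWARE_PATH (read) - root directory searched for spool dirs
# Arguments: none
# Outputs:   findings via print_output; the number of findings is handed to
#            module_end_log
# Helpers:   module_log_init, module_title, pre_module_reporter, mod_path,
#            print_output, indent, print_path and module_end_log are defined
#            outside this file section.
#######################################
S80_cronjob_check()
{
  module_log_init "${FUNCNAME[0]}"
  module_title "Check cronjobs"
  pre_module_reporter "${FUNCNAME[0]}"

  local lRESULTS=0
  local lCJ_FILE_PATH_ARR=()
  local lCJ_FILE=""
  local lCT_VAR=""
  local lCRONJOBS=""
  local lCRONJOBWWPERMS=""
  local lCRONTABVALUE=""
  local lCRONTABVAR=""
  local lANACRONJOBS=""
  local lANACRONTAB=""

  # presumably mod_path expands the ETC_PATHS placeholder to every etc
  # directory of the firmware - confirm against its definition.
  mapfile -t lCJ_FILE_PATH_ARR < <(mod_path "/ETC_PATHS/cron")

  # 1) List every regular file whose path starts with the cron prefix.
  # NOTE(review): the -e test is on the bare path while find globs
  # "${lCJ_FILE}"*; whether entries such as cron.d are reached when the bare
  # path does not exist depends on what mod_path returns - confirm.
  for lCJ_FILE in "${lCJ_FILE_PATH_ARR[@]}"; do
    if [[ -e "${lCJ_FILE}" ]]; then
      lCRONJOBS=$(find "${lCJ_FILE}"* -xdev -type f 2>/dev/null)
      if [[ "${lCRONJOBS}" ]]; then
        print_output "[+] Cronjobs:"
        print_output "$(indent "${lCRONJOBS}")"
        ((lRESULTS+=1))
      fi
    fi
  done

  # 2) World-writable job files (-perm -0002): permissions and content are
  # printed so the reviewer sees what any local user could replace.
  # NOTE(review): only regular files are tested (-type f); a world-writable
  # cron directory is not reported by this check.
  for lCJ_FILE in "${lCJ_FILE_PATH_ARR[@]}"; do
    if [[ -e "${lCJ_FILE}" ]]; then
      lCRONJOBWWPERMS=$(find "${lCJ_FILE}"* -xdev -perm -0002 -type f -exec ls -la {} \; -exec cat {} \; 2>/dev/null)
      if [[ "${lCRONJOBWWPERMS}" ]]; then
        print_output "[+] World-writable cron jobs and file contents:"
        print_output "$(indent "${lCRONJOBWWPERMS}")"
        ((lRESULTS+=1))
      fi
    fi
  done

  # 3) Content of the crontab file(s).
  mapfile -t lCJ_FILE_PATH_ARR < <(mod_path "/ETC_PATHS/crontab")
  for lCJ_FILE in "${lCJ_FILE_PATH_ARR[@]}"; do
    if [[ -e "${lCJ_FILE}" ]]; then
      lCRONTABVALUE=$(cat "${lCJ_FILE}" 2>/dev/null)
      if [[ "${lCRONTABVALUE}" ]]; then
        print_output "[+] Crontab content:"
        print_output "$(indent "${lCRONTABVALUE}")"
        ((lRESULTS+=1))
      fi
    fi
  done

  # 4) Per-user crontab spool directories.
  # find matches -iwholename against the complete path, which begins with
  # ${FIRMWARE_PATH}; without the leading '*' the pattern could only match
  # when the firmware root is '/' itself, so the check silently found nothing.
  mapfile -t lCJ_FILE_PATH_ARR < <(find "${FIRMWARE_PATH}" -xdev -type d -iwholename "*/var/spool/cron/crontabs")
  for lCT_VAR in "${lCJ_FILE_PATH_ARR[@]}"; do
    lCRONTABVAR=$(find "${lCT_VAR}"* -type f -ls 2>/dev/null)
    if [[ "${lCRONTABVAR}" ]]; then
      print_output "[+] Anything interesting in ""$(print_path "${lCT_VAR}")"
      print_output "$(indent "${lCRONTABVAR}")"
      ((lRESULTS+=1))
    fi
  done

  # 5) anacrontab: file permissions followed by the file content.
  mapfile -t lCJ_FILE_PATH_ARR < <(mod_path "/ETC_PATHS/anacrontab")
  for lCJ_FILE in "${lCJ_FILE_PATH_ARR[@]}"; do
    if [[ -e "${lCJ_FILE}" ]]; then
      lANACRONJOBS=$(ls -la "${lCJ_FILE}" 2>/dev/null; cat "${lCJ_FILE}" 2>/dev/null)
      if [[ "${lANACRONJOBS}" ]]; then
        print_output "[+] Anacron jobs and associated file permissions:"
        print_output "$(indent "${lANACRONJOBS}")"
        ((lRESULTS+=1))
      fi
    fi
  done

  # 6) anacron spool directories (same full-path matching rule as in 4, hence
  # the leading '*'). The directory listing is printed as-is.
  mapfile -t lCJ_FILE_PATH_ARR < <(find "${FIRMWARE_PATH}" -xdev -type d -iwholename "*/var/spool/anacron")
  for lCT_VAR in "${lCJ_FILE_PATH_ARR[@]}"; do
    # '|| true' keeps a failing ls from tripping errexit/ERR handling in the
    # caller; an empty listing simply yields no finding.
    lANACRONTAB=$(ls -la "${lCT_VAR}" 2>/dev/null || true)
    if [[ "${lANACRONTAB}" ]]; then
      print_output "[+] When were jobs last executed (""$(print_path "${lCT_VAR}")"")"
      print_output "$(indent "${lANACRONTAB}")"
      ((lRESULTS+=1))
    fi
  done

  module_end_log "${FUNCNAME[0]}" "${lRESULTS}"
}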