freedomboneeee/src/freedombone-utils-cron

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Cron functions
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

function cron_add_mins {
    if ! grep -q "${2}" /etc/crontab; then
        job_user='root'
        if [ "$3" ]; then
            job_user=$3
        fi
        echo "*/${1}            * *   *   *   ${job_user} ${2}" >> /etc/crontab
        systemctl restart cron
    fi
}

function randomize_cron {
    # The predictable default timing of Debian cron jobs might
    # be exploitable knowledge. Avoid too much predictability
    # by randomizing the times when cron jobs run
    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
        return
    fi

    # randomize the day on which the weekly cron job runs
    randdow=$((RANDOM%6+1))
    sed -i "s|\\* \\* 7|* * $randdow|g" /etc/crontab

    # randomize the time when the weekly cron job runs
    randmin=$((RANDOM%60))
    randhr=$((RANDOM%3+1))
    sed -i "s|47 6|$randmin $randhr|g" /etc/crontab

    # randomize the time when the daily cron job runs
    randmin=$((RANDOM%60))
    randhr=$((RANDOM%3+4))
    sed -i "s|25 6\\t\\* \\* \\*|$randmin $randhr\\t* * *|g" /etc/crontab

    # randomize the time when the hourly cron job runs
    randmin=$((RANDOM%60))
    sed -i "s|17 \\*\\t|$randmin *\\t|g" /etc/crontab

    # randomize monthly cron job time and day
    randmin=$((RANDOM%60))
    randhr=$((RANDOM%22+1))
    randdom=$((RANDOM%27+1))
    sed -i "s|52 6\\t|$randmin $randhr\\t|g" /etc/crontab
    sed -i "s|\\t1 \\* \\*|\\t$randdom * *|g" /etc/crontab

    systemctl restart cron

    mark_completed "${FUNCNAME[0]}"
}

function schedule_stig_tests {
    stig_tests_script=/tmp/stig_tests_script
    { echo '#!/bin/bash';
      echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}";
      echo "pkill ${PROJECT_NAME}-tests";
      echo 'rm -rf /tmp/*';
      echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests";
      echo 'if [ ! "$?" = "0" ]; then';
      echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS";
      echo 'fi';
      echo 'if [ -f /tmp/daily-stig-tests ]; then';
      echo '  rm /tmp/daily-stig-tests';
      echo 'fi'; } > $stig_tests_script
    chmod +x $stig_tests_script

    if [ ! -f /etc/cron.daily/stig_tests ]; then
        cp $stig_tests_script /etc/cron.daily/stig_tests
    else
        HASH1=$(sha256sum $stig_tests_script | awk -F ' ' '{print $1}')
        HASH2=$(sha256sum /etc/cron.daily/stig_tests | awk -F ' ' '{print $1}')
        if [[ "$HASH1" != "$HASH2" ]]; then
            cp $stig_tests_script /etc/cron.daily/stig_tests
        fi
    fi
    rm $stig_tests_script
}

# NOTE: deliberately there is no "exit 0"
Stockholm initial 2016-07-03 17:13:34 +02:00			`#!/bin/bash`
Update header logos 2018-04-08 14:30:21 +02:00			`# _____ _ _`
			`# \| __\|___ ___ ___ _\| \|___ _____\| \|_ ___ ___ ___`
			`# \| __\| _\| -_\| -_\| . \| . \| \| . \| . \| \| -_\|`
			`# \|__\| \|_\| \|___\|___\|___\|___\|_\|_\|_\|___\|___\|_\|_\|___\|`
Stockholm initial 2016-07-03 17:13:34 +02:00			`#`
Update header logos 2018-04-08 14:30:21 +02:00			`# Freedom in the Cloud`
Stockholm initial 2016-07-03 17:13:34 +02:00			`#`
			`# Cron functions`
			`#`
			`# License`
			`# =======`
			`#`
Dates 2018-02-21 20:32:13 +01:00			`# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>`
Stockholm initial 2016-07-03 17:13:34 +02:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Affero General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`function cron_add_mins {`
Tidying 2016-10-16 20:50:56 +02:00			`if ! grep -q "${2}" /etc/crontab; then`
Add an irc bouncer 2016-10-25 21:59:03 +02:00			`job_user='root'`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`if [ "$3" ]; then`
Add an irc bouncer 2016-10-25 21:59:03 +02:00			`job_user=$3`
			`fi`
			`echo "/${1} * * * ${job_user} ${2}" >> /etc/crontab`
Tidying 2016-10-16 20:50:56 +02:00			`systemctl restart cron`
			`fi`
Stockholm initial 2016-07-03 17:13:34 +02:00			`}`

			`function randomize_cron {`
Tidying 2016-10-16 20:50:56 +02:00			`# The predictable default timing of Debian cron jobs might`
			`# be exploitable knowledge. Avoid too much predictability`
			`# by randomizing the times when cron jobs run`
Function name is an array 2018-02-25 13:50:46 +01:00			`if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then`
Tidying 2016-10-16 20:50:56 +02:00			`return`
			`fi`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`# randomize the day on which the weekly cron job runs`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`randdow=$((RANDOM%6+1))`
			`sed -i "s\|\\* \\* 7\|* * $randdow\|g" /etc/crontab`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`# randomize the time when the weekly cron job runs`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`randmin=$((RANDOM%60))`
			`randhr=$((RANDOM%3+1))`
Tidying 2016-10-16 20:50:56 +02:00			`sed -i "s\|47 6\|$randmin $randhr\|g" /etc/crontab`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`# randomize the time when the daily cron job runs`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`randmin=$((RANDOM%60))`
			`randhr=$((RANDOM%3+4))`
			`sed -i "s\|25 6\\t\\* \\* \\\|$randmin $randhr\\t * *\|g" /etc/crontab`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`# randomize the time when the hourly cron job runs`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`randmin=$((RANDOM%60))`
			`sed -i "s\|17 \\\\t\|$randmin \\t\|g" /etc/crontab`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`# randomize monthly cron job time and day`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`randmin=$((RANDOM%60))`
			`randhr=$((RANDOM%22+1))`
			`randdom=$((RANDOM%27+1))`
			`sed -i "s\|52 6\\t\|$randmin $randhr\\t\|g" /etc/crontab`
			`sed -i "s\|\\t1 \\* \\\|\\t$randdom *\|g" /etc/crontab`
Stockholm initial 2016-07-03 17:13:34 +02:00
Tidying 2016-10-16 20:50:56 +02:00			`systemctl restart cron`
Stockholm initial 2016-07-03 17:13:34 +02:00
Function name is an array 2018-02-25 13:50:46 +01:00			`mark_completed "${FUNCNAME[0]}"`
Stockholm initial 2016-07-03 17:13:34 +02:00			`}`

Schedule daily STIG tests 2016-11-30 22:00:17 +01:00			`function schedule_stig_tests {`
Only copy stig tests script if it changes 2017-08-05 21:41:21 +02:00			`stig_tests_script=/tmp/stig_tests_script`
Tidying cron utils 2018-02-25 16:16:23 +01:00			`{ echo '#!/bin/bash';`
			`echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}";`
			`echo "pkill ${PROJECT_NAME}-tests";`
			`echo 'rm -rf /tmp/*';`
			`echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests";`
			`echo 'if [ ! "$?" = "0" ]; then';`
			`echo " echo \"\$(cat /tmp/daily-stig-tests)\" \| mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS";`
			`echo 'fi';`
			`echo 'if [ -f /tmp/daily-stig-tests ]; then';`
			`echo ' rm /tmp/daily-stig-tests';`
			`echo 'fi'; } > $stig_tests_script`
Only copy stig tests script if it changes 2017-08-05 21:41:21 +02:00			`chmod +x $stig_tests_script`

			`if [ ! -f /etc/cron.daily/stig_tests ]; then`
			`cp $stig_tests_script /etc/cron.daily/stig_tests`
			`else`
			`HASH1=$(sha256sum $stig_tests_script \| awk -F ' ' '{print $1}')`
			`HASH2=$(sha256sum /etc/cron.daily/stig_tests \| awk -F ' ' '{print $1}')`
			`if [[ "$HASH1" != "$HASH2" ]]; then`
			`cp $stig_tests_script /etc/cron.daily/stig_tests`
			`fi`
			`fi`
			`rm $stig_tests_script`
Schedule daily STIG tests 2016-11-30 22:00:17 +01:00			`}`

Stockholm initial 2016-07-03 17:13:34 +02:00			`# NOTE: deliberately there is no "exit 0"`