/usr/lib/tiger/systems/Linux/2/gen_cron is in tiger 1:3.2.3-12.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# Linux/2/gen_cron - 06/14/93
# 11/08/2007 - jfs - Handles properly the case when the special @daily,@reboot,
# etc. definitions are used instead of real times. Also fix
# bug deailing with variables in crontab contents
# (Debian bug 418440)
# 03/21/2005 - jfs - Fixed -a checks to be POSIX compatbile
# 10/01/2003 - jfs - Added check to see if CRONSPOOL can be read, also
# fixed the way the information is read since LS might be locale
# dependant and it's cleaner to call FIND than to access the directory
# and list its contents.
# 03/27/2002 - jfs
# changed to add CRONSPOOLTAB and included ARSC change to not confuse
# empty directories
#
#
#-----------------------------------------------------------------------------
#
# Just in case... (jfs)
[ -z "$FIND" ] && FIND=`which find`
[ -z "$LS" ] && LS=`which ls`
[ -z "$GREP" ] && GREP=`which grep`
[ -z "$SED" ] && SED=`which sed`
[ -z "$BASENAME" ] && BASENAME=`which basename`
[ -z "$CRONSPOOL" ] && CRONSPOOL="/var/spool/cron/crontabs"
[ ! -n "$GETUSERHOME" ] && GETUSERHOME=echo
outfile=$1
[ -z "$outfile" ] && { echo "Bad usage: $0 outfile"; exit 1; }
> $outfile
# First check the System's cron files (all in /etc)
# these are output with just the cron owner and the file
for dir in /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly
# TODO: consider using cron.* as suggested by unspawn instead of
# an explicit for
do
if [ -d "$dir" ] && [ -r "$dir" ]; then
$FIND "$dir" -type f -printf "%p %u\n" |
while read file owner
do
[ "$owner" != "root" ] && {
echo "--WARN-- CRON file \`$file' is owned by $owner."
}
echo "$owner $file" >> $outfile
done
fi
done
# Then check the cron's spool (both of the system's and the user's)
# TODO (fix): same as above
if [ -d $CRONSPOOL ] && [ -r $CRONSPOOL ]; then
$FIND "$CRONSPOOL" -type f -printf "%p %u %f\n" |
while read file owner name
do
[ "$owner" != "root" ] && {
echo "--WARN-- CRON file \`$file' is owned by $owner."
}
case $name in
*[!a-zA-Z0-9]*)
echo "--WARN-- Unusual cron file \`$file' found."
;;
*)
$GETUSERHOME "$file" >/dev/null 2>/dev/null
if [ $? = 0 ]; then
# Parse the crontab file:
# - Replace '@' commands (Debian-specific), since we don't care on
# times we just replace them with '0 0 0 0 0'
# - Remove variable definitions
$SED -e 's/#.*$//' -e '/^$/d' $CRONSPOOL/$name |
$SED -e 's/^@[A-Za-z]*/0 0 0 0 0/' |
$SED -e '/^[A-Za-z]*.*=/d' |
while read a b c d e command
do
[ -n "$command" ] && echo "$name $command"
done >> $outfile
else
echo "--WARN-- Found cron file for unknown user $file."
fi
;;
esac
done
fi
|