project-config/jenkins/scripts/jenkins-sudo-grep.sh

59 lines
2.0 KiB
Bash
Raw Normal View History

#!/bin/bash
# Copyright 2012 Hewlett-Packard Development Company, L.P.
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Find out if jenkins has attempted to run any sudo commands by checking
# the auth.log or secure log files before and after a test run.
PATTERN="sudo.*jenkins.*:.*\(incorrect password attempts\|command not allowed\)"
case $( facter osfamily ) in
Debian)
OLDLOGFILE=/var/log/auth.log.1
LOGFILE=/var/log/auth.log
;;
RedHat)
OLDLOGFILE=$( ls /var/log/secure-* | sort | tail -n1 )
LOGFILE=/var/log/secure
;;
esac
case "$1" in
pre)
rm -fr /tmp/jenkins-sudo-log
mkdir /tmp/jenkins-sudo-log
if [ -f $OLDLOGFILE ]; then
stat -c %Y $OLDLOGFILE > /tmp/jenkins-sudo-log/mtime-pre
else
echo "0" > /tmp/jenkins-sudo-log/mtime-pre
fi
grep -h "$PATTERN" $LOGFILE > /tmp/jenkins-sudo-log/pre
exit 0
;;
post)
if [ -f $OLDLOGFILE ]; then
stat -c %Y $OLDLOGFILE > /tmp/jenkins-sudo-log/mtime-post
else
echo "0" > /tmp/jenkins-sudo-log/mtime-post
fi
if ! diff /tmp/jenkins-sudo-log/mtime-pre /tmp/jenkins-sudo-log/mtime-post > /dev/null; then
echo "diff"
grep -h "$PATTERN" $OLDLOGFILE > /tmp/jenkins-sudo-log/post
fi
grep -h "$PATTERN" $LOGFILE >> /tmp/jenkins-sudo-log/post
diff /tmp/jenkins-sudo-log/pre /tmp/jenkins-sudo-log/post
;;
esac