01848c95bb
It's possible for OLDLOGFILE to not exist since the LOGFILE may not have rotated yet. However, this leads to broken behavior in the CI like the following one:

    2017-07-18 07:43:14.996187 | ls: cannot access '/var/log/messages-*': No such file or directory
    2017-07-18 07:43:14.997653 | stat: missing operand
    2017-07-18 07:43:14.997688 | Try 'stat --help' for more information.

So even though the OLDLOGFILE variable is empty ('ls' returned nothing) the following branch is taken, which is definitely not what we expected.

    if [ -f $OLDLOGFILE ]; then...

The reason for that is that the branch really ends up being "if [ -f ]; then" which in turn is "if [ -n -f ]; then". So the branch really checks if the '-f' string is non-empty. There are possible ways to fix that, but the simplest one is to simply quote the "OLDLOGFILE" variable so the branch behaves as we expected it to.

Change-Id: I8e928fc1ba601ca4cf3dfaa02806bdb9dfefc61b
62 lines
2.2 KiB
Bash
Executable File
#!/bin/bash

# Copyright 2012 Hewlett-Packard Development Company, L.P.
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Find out if jenkins has attempted to run any sudo commands by checking
# the auth.log or secure log or messages files before and after a test run.

PATTERN="sudo.*jenkins.*:.*\(incorrect password attempts\|command not allowed\)"
if [ -f /var/log/auth.log ]; then
    OLDLOGFILE=/var/log/auth.log.1
    LOGFILE=/var/log/auth.log
elif [ -f /var/log/secure ]; then
    OLDLOGFILE=$( ls /var/log/secure-* | sort | tail -n1 )
    LOGFILE=/var/log/secure
elif [ -f /var/log/messages ]; then
    OLDLOGFILE=$( ls /var/log/messages-* | sort | tail -n1 )
    LOGFILE=/var/log/messages
else
    echo "*** Could not find auth.log/secure/messages log for sudo tracing"
    exit 1
fi

case "$1" in
    pre)
        rm -fr /tmp/jenkins-sudo-log
        mkdir /tmp/jenkins-sudo-log
        if [ -f "$OLDLOGFILE" ]; then
            stat -c %Y "$OLDLOGFILE" > /tmp/jenkins-sudo-log/mtime-pre
        else
            echo "0" > /tmp/jenkins-sudo-log/mtime-pre
        fi
        grep -h "$PATTERN" "$LOGFILE" > /tmp/jenkins-sudo-log/pre
        exit 0
        ;;
    post)
        if [ -f "$OLDLOGFILE" ]; then
            stat -c %Y "$OLDLOGFILE" > /tmp/jenkins-sudo-log/mtime-post
        else
            echo "0" > /tmp/jenkins-sudo-log/mtime-post
        fi
        if ! diff /tmp/jenkins-sudo-log/mtime-pre /tmp/jenkins-sudo-log/mtime-post > /dev/null; then
            echo "diff"
            grep -h "$PATTERN" "$OLDLOGFILE" > /tmp/jenkins-sudo-log/post
        fi
        grep -h "$PATTERN" "$LOGFILE" >> /tmp/jenkins-sudo-log/post
        diff /tmp/jenkins-sudo-log/pre /tmp/jenkins-sudo-log/post
        ;;
esac
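
The empty-variable case from the commit message, reproduced as an added example (not part of this commit or the project's code). The function names and the glob-based newest_rotated helper are assumptions made for illustration; the helper generalizes the "ls | sort | tail -n1" lookup so that a missing rotated log produces an empty result without an ls error.

```shell
#!/bin/bash
# Added example: how `[ -f $VAR ]` behaves when VAR is empty, and a
# rotated-log lookup that does not depend on parsing `ls` output.

# Deliberately unquoted: with an empty argument this expands to `[ -f ]`,
# a one-argument test that is true because the string "-f" is non-empty.
unquoted_is_file() {
    # shellcheck disable=SC2086
    [ -f $1 ]
}

# Quoted: with an empty argument this is `[ -f "" ]`, which is false.
quoted_is_file() {
    [ -f "$1" ]
}

# Print the last file matching "$1"-* in glob (lexical) order, or nothing.
# Hypothetical replacement for: ls "$1"-* | sort | tail -n1
newest_rotated() {
    local base="$1" f newest=""
    for f in "$base"-*; do
        # An unmatched glob stays literal; skip anything that is not a file.
        [ -f "$f" ] || continue
        newest="$f"
    done
    printf '%s' "$newest"
}

# Constructed demonstration: no rotated log exists yet.
OLDLOGFILE=""
if unquoted_is_file "$OLDLOGFILE"; then
    echo "unquoted test: branch taken although OLDLOGFILE is empty"
fi
if ! quoted_is_file "$OLDLOGFILE"; then
    echo "quoted test: branch skipped, fallback mtime of 0 would be written"
fi
```

Only the quoted form lets the script fall through to the branch that writes "0" to mtime-pre and mtime-post when no rotated log exists.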