freedombone/src/freedombone-utils-cron

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Cron functions
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

function cron_add_mins {
    if ! grep -q "${2}" /etc/crontab; then
        job_user='root'
        if [ $3 ]; then
            job_user=$3
        fi
        echo "*/${1}            * *   *   *   ${job_user} ${2}" >> /etc/crontab
        systemctl restart cron
    fi
}

function randomize_cron {
    # The predictable default timing of Debian cron jobs might
    # be exploitable knowledge. Avoid too much predictability
    # by randomizing the times when cron jobs run
    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
        return
    fi

    # randomize the day on which the weekly cron job runs
    randdow=$(($RANDOM%6+1))
    sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab

    # randomize the time when the weekly cron job runs
    randmin=$(($RANDOM%60))
    randhr=$(($RANDOM%3+1))
    sed -i "s|47 6|$randmin $randhr|g" /etc/crontab

    # randomize the time when the daily cron job runs
    randmin=$(($RANDOM%60))
    randhr=$(($RANDOM%3+4))
    sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab

    # randomize the time when the hourly cron job runs
    randmin=$(($RANDOM%60))
    sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab

    # randomize monthly cron job time and day
    randmin=$(($RANDOM%60))
    randhr=$(($RANDOM%22+1))
    randdom=$(($RANDOM%27+1))
    sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
    sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab

    systemctl restart cron

    mark_completed "${FUNCNAME[0]}"
}

function schedule_stig_tests {
    stig_tests_script=/tmp/stig_tests_script
    echo '#!/bin/bash' > $stig_tests_script
    echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> $stig_tests_script
    echo "pkill ${PROJECT_NAME}-tests" >> $stig_tests_script
    echo 'rm -rf /tmp/*' >> $stig_tests_script
    echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests" >> $stig_tests_script
    echo 'if [ ! "$?" = "0" ]; then' >> $stig_tests_script
    echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> $stig_tests_script
    echo 'fi' >> $stig_tests_script
    echo 'if [ -f /tmp/daily-stig-tests ]; then' >> $stig_tests_script
    echo '  rm /tmp/daily-stig-tests' >> $stig_tests_script
    echo 'fi' >> $stig_tests_script
    chmod +x $stig_tests_script

    if [ ! -f /etc/cron.daily/stig_tests ]; then
        cp $stig_tests_script /etc/cron.daily/stig_tests
    else
        HASH1=$(sha256sum $stig_tests_script | awk -F ' ' '{print $1}')
        HASH2=$(sha256sum /etc/cron.daily/stig_tests | awk -F ' ' '{print $1}')
        if [[ "$HASH1" != "$HASH2" ]]; then
            cp $stig_tests_script /etc/cron.daily/stig_tests
        fi
    fi
    rm $stig_tests_script
}

# NOTE: deliberately there is no "exit 0"