Freeze break request: cron to check for anonymous trac permissions

Patrick Uiterwijk puiterwijk at redhat.com
Wed Sep 10 20:09:54 UTC 2014


Hi all,

I would like to get two +1's to add the following cron job to hosted03.
This will give us an overview of which trac projects have anonymous ticket editing or creation.




From 0443e6d8eff85b3e09f6218a24410c0a32217ff8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk at redhat.com>
Date: Wed, 10 Sep 2014 19:59:52 +0000
Subject: [PATCH] Anonymous trac permission check

---
 manifests/services/hosted.pp                  |    1 +
 modules/scripts/files/trac-anonymous-check.sh |   12 ++++++++++++
 modules/scripts/manifests/init.pp             |   18 ++++++++++++++++++
 3 files changed, 31 insertions(+), 0 deletions(-)
 create mode 100644 modules/scripts/files/trac-anonymous-check.sh

diff --git a/manifests/services/hosted.pp b/manifests/services/hosted.pp
index 5540613..8b8b533 100644
--- a/manifests/services/hosted.pp
+++ b/manifests/services/hosted.pp
@@ -19,6 +19,7 @@ class hosted {
     include hotfix::python-fedora-django
     include cgit::cgit
     include cgit::clean-lock-cron
+    include scripts::trac-anonymous-check
 
     reviewboard::server { '/reviewboard/':
         secret_key => $reviewboardsecretkey,
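Review bot: the `include scripts::trac-anonymous-check` line sits in `class hosted`, so the cron job is installed on every node that gets this class, while the request names hosted03 only. If any other node includes `hosted`, either confirm it also has /srv/web/trac/projects or move the include to the node-specific definition.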
diff --git a/modules/scripts/files/trac-anonymous-check.sh b/modules/scripts/files/trac-anonymous-check.sh
new file mode 100644
index 0000000..9e7268d
--- /dev/null
+++ b/modules/scripts/files/trac-anonymous-check.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+for project in `ls /srv/web/trac/projects`;
+do
+   PERMISSIONS="`sqlite3 /srv/web/trac/projects/$project/db/trac.db "select action from permission where username='anonymous';" | grep 'CREATE\|APPEND\|EDIT\|MODIFY'`"
+   if [ "" != "$PERMISSIONS" ];
+   then
+       echo -n $project
+       echo -n ": "
+       echo $PERMISSIONS
+       echo "------"
+   fi
+done
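Review bot: the grep filter on the PERMISSIONS line only matches actions containing CREATE, APPEND, EDIT or MODIFY, so an anonymous grant of TICKET_ADMIN or TRAC_ADMIN, which also allows ticket creation and editing, is never reported; add ADMIN to the pattern. The same pattern also matches non-ticket actions such as WIKI_CREATE and WIKI_MODIFY, so if the report is meant to cover tickets only, narrow it to the TICKET_ prefix plus TRAC_ADMIN. Smaller points: iterate with `for dir in /srv/web/trac/projects/*/` instead of parsing `ls`, and quote "$project" in the sqlite3 path and in `echo -n $project` so directory names with spaces or glob characters are handled.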
diff --git a/modules/scripts/manifests/init.pp b/modules/scripts/manifests/init.pp
index befff2d..3f85baf 100644
--- a/modules/scripts/manifests/init.pp
+++ b/modules/scripts/manifests/init.pp
@@ -17,6 +17,24 @@ class scripts::buildSB1Indexes {
 
 }
 
+class scripts::trac-anonymous-check {
+
+    file { '/usr/local/bin/trac-anonymous-check.sh':
+        source => 'puppet:///scripts/trac-anonymous-check.sh',
+        mode => '0755'
+    }
+
+   cron { trac-anonymous-check:
+        command => "/usr/local/bin/trac-anonymous-check.sh",
+        user => "root",
+        minute => 0,
+        hour => 0,
+        ensure => present,
+        require => File['/usr/local/bin/trac-anonymous-check.sh']
+   }
+
+}
+
 class scripts::confineSsh {
 
     file { '/usr/local/bin/confine-ssh.sh':
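Review bot: the cron resource runs the script with `user => "root"`, but the script only reads each project's trac.db; run it as an unprivileged account that has read access to those files if one exists. The file resource sets no `owner` or `group`; since the script is executed from cron, pin them explicitly next to `mode => '0755'`. The job prints its findings to stdout and the resource sets no `environment` with a MAILTO, so the report goes wherever that user's cron mail is delivered; state the intended recipient.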
-- 
1.7.2.1



-- 
Thanks,
Patrick Uiterwijk