Freeze break request: cron to check for anonymous trac permissions

[Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>]

Hi all,

I would like to get two +1's to add the following cron job to hosted03.
This will give us an overview of which trac projects have anonymous ticket editing or creation.




From 0443e6d8eff85b3e09f6218a24410c0a32217ff8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date: Wed, 10 Sep 2014 19:59:52 +0000
Subject: [PATCH] Anonymous trac permission check

---
 manifests/services/hosted.pp                  |    1 +
 modules/scripts/files/trac-anonymous-check.sh |   12 ++++++++++++
 modules/scripts/manifests/init.pp             |   18 ++++++++++++++++++
 3 files changed, 31 insertions(+), 0 deletions(-)
 create mode 100644 modules/scripts/files/trac-anonymous-check.sh

diff --git a/manifests/services/hosted.pp b/manifests/services/hosted.pp
index 5540613..8b8b533 100644
--- a/manifests/services/hosted.pp
+++ b/manifests/services/hosted.pp
@@ -19,6 +19,7 @@ class hosted {
     include hotfix::python-fedora-django
     include cgit::cgit
     include cgit::clean-lock-cron
+    include scripts::trac-anonymous-check
 
     reviewboard::server { '/reviewboard/':
         secret_key => $reviewboardsecretkey,
diff --git a/modules/scripts/files/trac-anonymous-check.sh b/modules/scripts/files/trac-anonymous-check.sh
new file mode 100644
index 0000000..9e7268d
--- /dev/null
+++ b/modules/scripts/files/trac-anonymous-check.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+for project in `ls /srv/web/trac/projects`;
+do
+   PERMISSIONS="`sqlite3 /srv/web/trac/projects/$project/db/trac.db "select action from permission where username='anonymous';" | grep 'CREATE\|APPEND\|EDIT\|MODIFY'`"
+   if [ "" != "$PERMISSIONS" ];
+   then
+       echo -n $project
+       echo -n ": "
+       echo $PERMISSIONS
+       echo "------"
+   fi
+done
diff --git a/modules/scripts/manifests/init.pp b/modules/scripts/manifests/init.pp
index befff2d..3f85baf 100644
--- a/modules/scripts/manifests/init.pp
+++ b/modules/scripts/manifests/init.pp
@@ -17,6 +17,24 @@ class scripts::buildSB1Indexes {
 
 }
 
+class scripts::trac-anonymous-check {
+
+    file { '/usr/local/bin/trac-anonymous-check.sh':
+        source => 'puppet:///scripts/trac-anonymous-check.sh',
+        mode => '0755'
+    }
+
+   cron { trac-anonymous-check:
+        command => "/usr/local/bin/trac-anonymous-check.sh",
+        user => "root",
+        minute => 0,
+        hour => 0,
+        ensure => present,
+        require => File['/usr/local/bin/trac-anonymous-check.sh']
+   }
+
+}
+
 class scripts::confineSsh {
 
     file { '/usr/local/bin/confine-ssh.sh':
-- 
1.7.2.1



-- 
Thanks,
Patrick Uiterwijk

Attachment: pgpuDMXD6aW4H.pgp
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure