Hi all,

I would like to get two +1's to add the following cron job to hosted03. This will give us an overview of which trac projects have anonymous ticket editing or creation.

From 0443e6d8eff85b3e09f6218a24410c0a32217ff8 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk puiterwijk@redhat.com Date: Wed, 10 Sep 2014 19:59:52 +0000 Subject: [PATCH] Anonymous trac permission check

--- manifests/services/hosted.pp | 1 + modules/scripts/files/trac-anonymous-check.sh | 12 ++++++++++++ modules/scripts/manifests/init.pp | 18 ++++++++++++++++++ 3 files changed, 31 insertions(+), 0 deletions(-) create mode 100644 modules/scripts/files/trac-anonymous-check.sh

diff --git a/manifests/services/hosted.pp b/manifests/services/hosted.pp index 5540613..8b8b533 100644 --- a/manifests/services/hosted.pp +++ b/manifests/services/hosted.pp @@ -19,6 +19,7 @@ class hosted { include hotfix::python-fedora-django include cgit::cgit include cgit::clean-lock-cron + include scripts::trac-anonymous-check

reviewboard::server { '/reviewboard/': secret_key => $reviewboardsecretkey, diff --git a/modules/scripts/files/trac-anonymous-check.sh b/modules/scripts/files/trac-anonymous-check.sh new file mode 100644 index 0000000..9e7268d --- /dev/null +++ b/modules/scripts/files/trac-anonymous-check.sh @@ -0,0 +1,12 @@ +#!/bin/bash +for project in `ls /srv/web/trac/projects`; +do + PERMISSIONS="`sqlite3 /srv/web/trac/projects/$project/db/trac.db "select action from permission where username='anonymous';" | grep 'CREATE|APPEND|EDIT|MODIFY'`" + if [ "" != "$PERMISSIONS" ]; + then + echo -n $project + echo -n ": " + echo $PERMISSIONS + echo "------" + fi +done diff --git a/modules/scripts/manifests/init.pp b/modules/scripts/manifests/init.pp index befff2d..3f85baf 100644 --- a/modules/scripts/manifests/init.pp +++ b/modules/scripts/manifests/init.pp @@ -17,6 +17,24 @@ class scripts::buildSB1Indexes {

}

+class scripts::trac-anonymous-check { + + file { '/usr/local/bin/trac-anonymous-check.sh': + source => 'puppet:///scripts/trac-anonymous-check.sh', + mode => '0755' + } + + cron { trac-anonymous-check: + command => "/usr/local/bin/trac-anonymous-check.sh", + user => "root", + minute => 0, + hour => 0, + ensure => present, + require => File['/usr/local/bin/trac-anonymous-check.sh'] + } + +} + class scripts::confineSsh {

file { '/usr/local/bin/confine-ssh.sh':