#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# Linux/2/gen_cron - 06/14/93
# 10/01/2003 - jfs - Added check to see if CRONSPOOL can be read, also
#    fixed the way the information is read since LS might be locale
#    dependant and it's cleaner to call FIND than to access the directory
#    and list its contents.
# 03/27/2002 - jfs 
#    changed to add CRONSPOOLTAB and included ARSC change to not confuse
#    empty directories 
#
#
#-----------------------------------------------------------------------------
#
# Just in case... (jfs)
[ -z "$FIND" ] && FIND=`which find` 
[ -z "$LS" ] && LS=`which ls` 
[ -z "$GREP" ] && GREP=`which grep` 
[ -z "$SED" ] && SED=`which sed` 
[ -z "$BASENAME" ] && BASENAME=`which basename` 
[ -z "$CRONSPOOL" ] && CRONSPOOL="/var/spool/cron/crontabs"

[ ! -n "$GETUSERHOME" ] && GETUSERHOME=echo

outfile=$1
[ -z "$outfile" ] && { echo "Bad usage: $0 outfile"; exit 1;  }
> $outfile

# First check the System's cron files (all in /etc)
# these are output with just the cron owner and the file 
for dir in /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly
do
# TODO (fix): this code will return sometimes errors if the directory
# is empty (that's why it's redirected). Maybe find should be used instead
    if [ -d "$dir" -a -r "$dir" ]; then 
    	$FIND "$dir" -type f -printf "%p %u\n" |
	while read  file owner
	do
	[ "$owner" != "root" ] && {
		echo "--WARN-- CRON file \`$file' is owned by $owner."
	}
        echo "$owner $file" >> $outfile
       done
    fi
done 

# Then check the cron's spool (both of the system's and the user's)
# TODO (fix): same as above
if [ -d $CRONSPOOL -a -r $CRONSPOOL ]; then 
$FIND "$CRONSPOOL" -type f -printf "%p %u %f\n" |
while read  file owner name
do
  [ "$owner" != "root" ] && {
    echo "--WARN-- CRON file \`$file' is owned by $owner."
  }
  case $name in
    *[!a-zA-Z0-9]*)
      echo "--WARN-- Unusual cron file \`$file' found."
      ;;
    *)
      $GETUSERHOME "$file" >/dev/null 2>/dev/null

      if [ $? = 0 ]; then
	$SED -e 's/#.*$//' -e '/^$/d' $CRONSPOOL/$name |
	while read a b c d e command
	do
	  echo "$name $command"
	done >> $outfile
      else
	echo "--WARN-- Found cron file for unknown user $file."
      fi
      ;;
    esac
done
fi
