#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# Linux/2/gen_cron - 06/14/93
# Linux/2/gen_cron - 03/27/2002
#    changed to add CRONSPOOLTAB and included ARSC change to not confuse
#    empty directories 
#
#
#-----------------------------------------------------------------------------
#
# Just in case... (jfs)
[ -z "$LS" ] && LS=`which ls` 
[ -z "$GREP" ] && GREP=`which grep` 
[ -z "$SED" ] && SED=`which sed` 
[ -z "$CRONSPOOL" ] && CRONSPOOL="/var/spool/cron/crontabs"

[ ! -n "$GETUSERHOME" ] && GETUSERHOME=echo

outfile=$1
[ -z "$outfile" ] && { echo "Bad usage: $0 outfile"; exit 1;  }
> $outfile

# First check the System's cron files (all in /etc)
# these are output with just the cron owner and the file 
for dir in /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly
do
# TODO (fix): this code will return sometimes errors if the directory
# is empty (that's why it's redirected). Maybe find should be used instead
    if [ -d $dir ]; then 
    (
      cd $dir
      $LS -l $LSGROUP * 2>/dev/null
    ) |
    $GREP -v "total 0" |
    while read x y owner a b c d e file
    do
      [ "$owner" != "root" ] && {
	echo "--WARN-- CRON file \`$file' is owned by $owner."
      }
      echo "$owner $dir/$file" >> $outfile
    done
    fi
done 

# Then check the cron's spool (both of the system's and the user's)
# TODO (fix): same as above
if [ -d $CRONSPOOL ]; then 
(
  cd $CRONSPOOL
  $LS -l $LSGROUP * 2>/dev/null
) |
$GREP -v "total 0" |
while read x y owner a b c d e file
do
  [ "$owner" != "root" ] && {
    echo "--WARN-- CRON file \`$file' is owned by $owner."
  }
  case $file in
    *[!a-zA-Z0-9]*)
      echo "--WARN-- Unusual cron file \`$file' found."
      ;;
    *)
      $GETUSERHOME "$file" >/dev/null 2>/dev/null

      if [ $? = 0 ]; then
	$SED -e 's/#.*$//' -e '/^$/d' $CRONSPOOL/$file |
	while read a b c d e command
	do
	  echo "$file $command"
	done >> $outfile
      else
	echo "--WARN-- Found cron file for unknown user $file."
      fi
      ;;
    esac
done
fi
