From 31a0115606ed9067ec907b8dffd2570441e4c5d5 Mon Sep 17 00:00:00 2001
From: Moe Jette <jette1@llnl.gov>
Date: Thu, 12 Jan 2006 00:45:58 +0000
Subject: [PATCH] Update list of files checked for access rights and ownership

---
 .../slurm_unit/slurmctld/security_2_1.csh     | 58 +++++++++++--------
 1 file changed, 35 insertions(+), 23 deletions(-)

diff --git a/testsuite/slurm_unit/slurmctld/security_2_1.csh b/testsuite/slurm_unit/slurmctld/security_2_1.csh
index 4e2bea917de..f9434078e72 100755
--- a/testsuite/slurm_unit/slurmctld/security_2_1.csh
+++ b/testsuite/slurm_unit/slurmctld/security_2_1.csh
@@ -1,38 +1,50 @@
 #!/bin/csh
-setenv CONFIG /etc/slurm/slurm.conf
+setenv CONFIG /etc/slurm
 setenv DEPLOY /usr
 
-echo "Insure that executable files are not user writable"
+echo ""
+echo "Insure that executable files are not world writable"
 ls -ld $DEPLOY/bin/srun
+ls -ld $DEPLOY/bin/sacct
 ls -ld $DEPLOY/bin/sinfo
 ls -ld $DEPLOY/bin/squeue
 ls -ld $DEPLOY/bin/scontrol
 ls -ld $DEPLOY/bin/scancel
-ls -ld $DEPLOY/sbin/slurmctld
-ls -ld $DEPLOY/sbin/slurmd
+ls -ld $DEPLOY/sbin/slurm*
 ls -ld $CONFIG
+ls -l  $CONFIG
 
-echo "Insure that configured files are not user writable"
-grep Epilog $CONFIG
-#ls -ld /admin/sbin/slurm.epilog
+echo ""
+echo "Insure that configured files are not world writable"
+grep Prolog $CONFIG/slurm.conf
+ls -ld /etc/slurm/prolog
+ls -ld $DEPLOY/sbin/slurm_prolog
 
-echo "Private Key must be non-readable too"
-grep JobCredential $CONFIG
+grep Epilog $CONFIG/slurm.conf
+ls -ld /etc/slurm/epilog
+ls -ld $DEPLOY/sbin/slurm_epilog
+
+echo ""
+echo "Both Job Keys are not world readable"
+echo "Private Key must not be world readable too"
+grep JobCredential $CONFIG/slurm.conf
 ls -ld /etc/slurm/slurm.key
 ls -ld /etc/slurm/slurm.cert
 
-echo "Plugin directory and its contents must be non-writable"
-grep PluginDir $CONFIG
-ls -ld /usr/lib/slurm
-ls -l  /usr/lib/slurm
-
-grep Prolog $CONFIG
-#ls -ld /admin/sbin/slurm.prolog
+echo ""
+echo "Plugin directory and its contents must not be world writable"
+grep PluginDir $CONFIG/slurm.conf
+ls -ld /usr/lib*/slurm
+ls -l  /usr/lib*/slurm
 
-echo "Spool and log files must be non-writeable"
-grep SlurmdSpoolDir $CONFIG
-ls -ld /var/spool/slurm
-grep StateSaveLocation $CONFIG
-ls -ld /usr/local/tmp/slurm/adev
-grep SlurmctldLogFile $CONFIG
-ls -ld /var/log/slurm/slurmctld.log
+echo ""
+echo "Spool and log files must be not be world writeable"
+grep SlurmdSpoolDir $CONFIG/slurm.conf
+grep StateSaveLocation $CONFIG/slurm.conf
+grep SlurmctldLogFile $CONFIG/slurm.conf
+grep SlurmdLogFile $CONFIG/slurm.conf
+grep JobCompLog $CONFIG/slurm.conf
+ls -ld /usr/local/tmp/slurm/bgl
+ls -l  /usr/local/tmp/slurm/bgl
+ls -ld /var/log/slurm*
+ls -l  /var/log/slurm*
-- 
GitLab