Skip to content
Snippets Groups Projects
Commit 31a01156 authored by Moe Jette's avatar Moe Jette
Browse files

Update list of files checked for access rights and ownership

parent feec92b5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
testsuite/slurm_unit/slurmctld/security_2_1.csh
+ 35
23
View file @ 31a01156
#!/bin/csh
setenv CONFIG /etc/slurm/slurm.conf
setenv CONFIG /etc/slurm
setenv DEPLOY /usr
echo "Insure that executable files are not user writable"
echo ""
echo "Insure that executable files are not world writable"
ls -ld $DEPLOY/bin/srun
ls -ld $DEPLOY/bin/sacct
ls -ld $DEPLOY/bin/sinfo
ls -ld $DEPLOY/bin/squeue
ls -ld $DEPLOY/bin/scontrol
ls -ld $DEPLOY/bin/scancel
ls -ld $DEPLOY/sbin/slurmctld
ls -ld $DEPLOY/sbin/slurmd
ls -ld $DEPLOY/sbin/slurm*
ls -ld $CONFIG
ls -l $CONFIG
echo "Insure that configured files are not user writable"
grep Epilog $CONFIG
#ls -ld /admin/sbin/slurm.epilog
echo ""
echo "Insure that configured files are not world writable"
grep Prolog $CONFIG/slurm.conf
ls -ld /etc/slurm/prolog
ls -ld $DEPLOY/sbin/slurm_prolog
echo "Private Key must be non-readable too"
grep JobCredential $CONFIG
grep Epilog $CONFIG/slurm.conf
ls -ld /etc/slurm/epilog
ls -ld $DEPLOY/sbin/slurm_epilog
echo ""
echo "Both Job Keys are not world readable"
echo "Private Key must not be world readable too"
grep JobCredential $CONFIG/slurm.conf
ls -ld /etc/slurm/slurm.key
ls -ld /etc/slurm/slurm.cert
echo "Plugin directory and its contents must be non-writable"
grep PluginDir $CONFIG
ls -ld /usr/lib/slurm
ls -l /usr/lib/slurm
grep Prolog $CONFIG
#ls -ld /admin/sbin/slurm.prolog
echo ""
echo "Plugin directory and its contents must not be world writable"
grep PluginDir $CONFIG/slurm.conf
ls -ld /usr/lib*/slurm
ls -l /usr/lib*/slurm
echo "Spool and log files must be non-writeable"
grep SlurmdSpoolDir $CONFIG
ls -ld /var/spool/slurm
grep StateSaveLocation $CONFIG
ls -ld /usr/local/tmp/slurm/adev
grep SlurmctldLogFile $CONFIG
ls -ld /var/log/slurm/slurmctld.log
echo ""
echo "Spool and log files must be not be world writeable"
grep SlurmdSpoolDir $CONFIG/slurm.conf
grep StateSaveLocation $CONFIG/slurm.conf
grep SlurmctldLogFile $CONFIG/slurm.conf
grep SlurmdLogFile $CONFIG/slurm.conf
grep JobCompLog $CONFIG/slurm.conf
ls -ld /usr/local/tmp/slurm/bgl
ls -l /usr/local/tmp/slurm/bgl
ls -ld /var/log/slurm*
ls -l /var/log/slurm*
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
Nutzungsbedingungen | Datenschutzerklärung | Barrierefreiheitserklärung