Foundation for a scoped sudoers: route every genuine system-admin command (systemctl/ufw/ufw-docker/nft/apt/apt-get/pacman/sysctl/useradd/usermod/ service/wg/wg-quick/cscli/loginctl) through runSystem instead of raw sudo across 28 active scripts. runSystem is 'sudo "$@"' so this is byte-identical in every mode (safe on live installs) — it just collects all real-root use at one chokepoint that will define the eventual /etc/sudoers.d allowlist. Also: revert a crowdsec advice message the sweep wrongly rewrote (the admin types sudo, not runSystem), and give crontab_check_processor.sh the same startup bootstrap as the task processor — it runs standalone via cron and already used runFileOp/runFileWrite (undefined there), so it was silently broken; now it sources the helpers + docker-type config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
26 lines
932 B
Bash
Executable File
26 lines
932 B
Bash
Executable File
#!/bin/bash
|
|
|
|
installCrontab()
|
|
{
|
|
if [[ "$CFG_REQUIREMENT_CRONTAB" == "true" ]]; then
|
|
if [[ "$CRONTAB_SETUP" == "false" ]]; then
|
|
isHeader "Crontab Install"
|
|
|
|
# Check to see if already installed
|
|
ISCRON=$( (sudo -u $sudo_user_name crontab -l) 2>&1 )
|
|
if [[ "$ISCRON" == *"command not found"* ]]; then
|
|
isNotice "Crontab is not installed, setting up now."
|
|
local result=$(runSystem apt update)
|
|
checkSuccess "Updating apt for post installation"
|
|
local result=$(runSystem apt install cron -y)
|
|
isSuccessful "Installing crontab application"
|
|
local result=$(sudo -u $sudo_user_name crontab -l)
|
|
isSuccessful "Enabling crontab on the system"
|
|
fi
|
|
|
|
isSuccessful "Crontab has been setup on the system"
|
|
#installCrontabSSHScan;
|
|
fi
|
|
fi
|
|
}
|