All hosts have at least 1 crontab being identified as non-admin.
[WMCS Clinic Duty]
All hosts have at least 1 crontab being identified as non-admin.
[WMCS Clinic Duty]
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
localcrontab: Add prometheus as administrative crontab | operations/puppet | production | +1 -1 |
It's prometheus (a system user):
root@tools-webgrid-lighttpd-1428:~# ls /var/spool/cron/crontabs/ prometheus root root@tools-webgrid-lighttpd-1428:~# cat /var/spool/cron/crontabs/prometheus # DO NOT EDIT THIS FILE - edit the master and reinstall. # (- installed on Wed Jul 5 11:40:49 2017) # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) # HEADER: This file was autogenerated at 2017-07-05 11:40:49 +0000 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: prometheus_puppet_agent_stats * * * * * /usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom
We could perhaps whitelist it.
Change 472028 had a related patch set uploaded (by GTirloni; owner: GTirloni):
[operations/puppet@production] localcrontab: Add prometheus as administrative crontab
Change 472028 merged by GTirloni:
[operations/puppet@production] localcrontab: Add prometheus as administrative crontab