lib/sys_watchdog/main.rb in sys_watchdog-0.1.1 vs lib/sys_watchdog/main.rb in sys_watchdog-0.1.2
- old
+ new
@@ -1,11 +1,11 @@
class SysWatchdog
DEFAULT_CONF_FILE = '/etc/sys_watchdog.yml'
DEFAULT_LOG_FILE = '/var/log/sys_watchdog.log'
def initialize conf_file: nil, log_file: nil
- log_file ||= DEFAULT_LOG_FILE
+ log_file ||= DEFAULT_LOG_FILE
conf_file ||= DEFAULT_CONF_FILE
@logger = WdLogger.new log_file
parse_conf conf_file
@@ -35,19 +35,36 @@
end
end
end
def parse_conf conf_file
- raise "Conf file #{conf_file} not found." unless File.exist? conf_file
+ check_conf_file conf_file
conf = YAML.load_file conf_file
conf.deep_symbolize_keys!
@conf = OpenStruct.new conf[:config]
@tests = conf[:tests].keys.map { |name|
WdTest.new(name, conf[:tests][name], @logger)
}
+ end
+
+ def check_conf_file conf_file
+ unless File.readable? conf_file
+ raise "Conf file #{conf_file} not found or unreadable. Aborting."
+ end
+
+ conf_stat = File.stat conf_file
+
+ unless conf_stat.mode.to_s(8) =~ /0600$/
+ raise "Conf file #{conf_file} must have mode 0600. Aborting."
+ end
+
+ unless (conf_stat.uid == 0 and conf_stat.gid == 0) or
+ (conf_stat.uid == Process.uid and conf_stat.gid == Process.gid)
+ raise "Conf file #{conf_file} must have uid/gid set to root or to current running uid/gid. Aborting."
+ end
end
def run_test test, after_restore: false
new_status, exitstatus, output = test.run
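Review bot: In `check_conf_file` the mode and ownership checks run against the path, and `parse_conf` then reopens that same path with `YAML.load_file`, so the file that gets parsed is not guaranteed to be the one that was checked if the containing directory is writable by another user. Opening the file once, calling `stat` on that handle and parsing from the same handle would close that gap. The mode test also matches the text of the octal string and so ignores the file-type bits; comparing the permission bits directly is stricter and easier to read, e.g. `unless (conf_stat.mode & 0o7777) == 0o600`. The ownership test uses `Process.uid`/`Process.gid` (real ids) while `File.readable?` checks against the effective ids, so the two can disagree if the process ever runs with differing real and effective ids.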