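#! /bin/bash
#
# check_executables_in_tmpdir
# Check a directory for executables and become angry if we find them
#
# Copyright (C) 2022 Jacob Babor
#
# Distributed under terms of the MIT license.
#
# Usage: check_executables_in_tmpdir
# Exit status follows the Nagios-style convention used below:
#   0 = OK (nothing to report), 2 = CRITICAL (executables found).
# Any other non-zero status means the script itself failed (set -e).

set -e

# Directory to scan, and how old (seconds since last modification) a file
# must be before it is reported.
tmpdir="/tmp"
minfileage="3600"

#
# Compile a list of executables found in /tmp
#
# Note that we deliberately use the -perm flag instead of the -executable flag
#
# This is by design, as -executable will fail on systems with noexec on the
# filesystem we're checking. This runs counter to our goal here, which is just
# to see if some skid has dumped a cryptominer on the machine.
#
# File names under $tmpdir are attacker-controlled, so they are passed
# NUL-delimited (find -print0 / read -d '') instead of line by line. With a
# plain `read line`, a name containing a newline, trailing whitespace or a
# backslash is split or mangled, the subsequent stat fails, and set -e aborts
# the whole check -- i.e. a crafted file name could crash the monitor.
#
executables=""
# One timestamp for the whole scan; there is no need to re-read the clock
# for every file.
now="$(date +%s)"
while IFS= read -r -d '' path; do
  # Ignore recently-created files
  # This is so things like Ansible plays don't trigger us
  #
  # NOTE: mtime (%Y) can be reset by the file's owner with touch, so this
  # grace period is a convenience for legitimate tooling, not a security
  # boundary -- a file that is kept "young" will never be reported.
  #
  # A file that disappears between find and stat is skipped rather than
  # letting the failed command substitution abort the script under set -e.
  if ! filetimestamp="$(stat -c %Y -- "$path" 2>/dev/null)"; then
    continue
  fi
  age="$(( now - filetimestamp ))"
  if (( age <= minfileage )); then
    continue
  fi
  # Add it to the list
  if [ -z "$executables" ]; then
    executables="$path"
  else
    executables="$executables, $path"
  fi
done < <(find "$tmpdir" -type f -perm /u=x,g=x,o=x -print0 2>/dev/null || true )

# If we found any, become angry
# printf rather than echo, so a name such as "-n" or one containing
# backslashes is printed verbatim instead of being interpreted.
if [ -n "$executables" ]; then
  printf 'CRITICAL: Found executables in %s: %s\n' "$tmpdir" "$executables"
  exit 2
else
  printf 'OK: No executables in %s older than %ss\n' "$tmpdir" "$minfileage"
  exit 0
fi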