#! /bin/bash
#
# check_executables_in_tmpdir
# Check a directory for executables and become angry if we find them
#
# Copyright (C) 2022 Jacob Babor <jacob@babor.tech>
#
# Distributed under terms of the MIT license.
#

set -e

tmpdir="/tmp"

#
# Compile a list of executables found in /tmp
#
# Note that we deliberately use the -perm flag instead of the -executable flag
#
# This is by design, as -executable will fail on systems with noexec on the
# filesystem we're checking. This runs counter to our goal here, which is just
# to see if some skid has dumped a cryptominer on the machine.
#
executables=""
while read line; do
	if [ -z "$executables" ]; then
		executables="$line"
	else
		executables="$executables, $line"
	fi
done < <(find "$tmpdir" -type f -perm /u=x,g=x,o=x 2>/dev/null || true )


# If we found any, become angry
if [ -n "$executables" ]; then
	echo "CRITICAL: Found executables in $tmpdir: $executables"
	exit 2
else
	echo "OK: No executables in $tmpdir"
	exit 0
fi