Immunizing Cron Jobs - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual


types of programs, refer to Section 20.4.1, "Immunizing Web Applications" (page 194).
Network Agents
Programs (servers and clients) that have open network ports. User clients, such as
mail clients and Web browsers, mediate privilege. These programs run with the
privilege to write to the user's home directory and they process input from potentially
hostile remote sources, such as hostile Web sites and e-mailed malicious
code. For instructions for finding these types of programs, refer to
Section 20.4.2, "Immunizing Network Agents" (page 196).
Conversely, unprivileged programs do not need to be profiled. For instance, a shell
script might invoke the cp program to copy a file. Because cp does not have its own
profile, it inherits the profile of the parent shell script, so it can copy any files that the
parent shell script's profile can read and write.

20.3 Immunizing cron Jobs

To find programs that are run by cron, inspect your local cron configuration. Unfortunately,
cron configuration is rather complex, so there are numerous files to inspect.
Periodic cron jobs are run from these files:
/etc/crontab
/etc/cron.d/*
/etc/cron.daily/*
/etc/cron.hourly/*
/etc/cron.monthly/*
/etc/cron.weekly/*
For root's cron jobs, edit the tasks with crontab -e and list root's cron tasks
with crontab -l. You must be root for these to work.
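
An added example (not part of the Novell guide) that walks the files listed above and prints each job's command line, giving a list of programs to review for profiling. The function name cron_commands and its optional ROOT argument are assumptions made for this example; root's personal crontab, shown by crontab -l, has no user field and is not parsed here.

```sh
#!/bin/sh
# Added example: print the command of every system cron job so that each
# program can be reviewed for profiling.
# ROOT (optional first argument) is an assumed hook for scanning a copy of
# the tree; with no argument the live /etc is read.

cron_commands() {
    root="${1:-}"

    # /etc/crontab and /etc/cron.d/* use the system crontab layout:
    #   min hour dom mon dow user command    or    @keyword user command
    for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
        [ -f "$f" ] || continue
        awk '
            NF == 0 || $1 ~ /^#/ { next }                      # blank, comment
            $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ || $2 ~ /^=/ { next }  # VAR=value
            {
                c = ($1 ~ /^@/) ? 3 : 7     # first field of the command
                for (i = c; i <= NF; i++)
                    printf "%s%s", $i, (i < NF ? " " : "\n")
            }' "$f"
    done

    # In the periodic directories each executable file is itself the job.
    for d in hourly daily weekly monthly; do
        for f in "$root/etc/cron.$d"/*; do
            if [ -f "$f" ] && [ -x "$f" ]; then
                printf '%s\n' "${f#"$root"}"
            fi
        done
    done
    return 0
}

cron_commands "${1:-}"
```

A job line often chains several commands (for example a test followed by the real program), so read the whole printed line when deciding which binaries need a profile.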
Once you find these programs, you can use the Add Profile Wizard to create profiles
for them. Refer to Section 23.1, "Adding a Profile Using the Wizard" (page 227).