Immunizing Cron Jobs - Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 11 - SECURITY:
- Installation (5 pages) ,
- Administration manual (452 pages)
Table of Contents
Advertisement
types of programs, refer to
(page 234).
Network Agents
Programs (servers and clients) that have open network ports. User clients, such as
mail clients and Web browsers mediate privilege. These programs run with the
privilege to write to the user's home directory and they process input from poten-
tially hostile remote sources, such as hostile Web sites and e-mailed malicious
code. For instructions for finding these types of programs, refer to
"Immunizing Network Agents"
Conversely, unprivileged programs do not need to be profiled. For instance, a shell
script might invoke the cp program to copy a file. Because cp does not have its own
profile, it inherits the profile of the parent shell script, so can copy any files that the
parent shell script's profile can read and write.
20.3 Immunizing cron Jobs
To find programs that are run by cron, inspect your local cron configuration. Unfortu-
nately, cron configuration is rather complex, so there are numerous files to inspect.
Periodic cron jobs are run from these files:
/etc/crontab
/etc/cron.d/*
/etc/cron.daily/*
/etc/cron.hourly/*
/etc/cron.monthly/*
/etc/cron.weekly/*
For root's cron jobs, edit the tasks with crontab -e and list root's cron tasks
with crontab -l. You must be root for these to work.
Once you find these programs, you can use the Add Profile Wizard to create profiles
for them. Refer to
Section 23.1, "Adding a Profile Using the Wizard"
Section 20.4.1, "Immunizing Web Applications"
(page 236).
Section 20.4.2,
(page 267).
Immunizing Programs
231
Advertisement
Table of Contents
Need help?
Do you have a question about the LINUX ENTERPRISE SERVER 11 - SECURITY and is the answer not in the manual?