DistributedNetworks





Lesson 12: Running automated checks
Objective: Describe the cron facility.

Running Automated Checks in Red Hat and Host Security to Protect Your System from Intruders

Automating the process of security checking is an extremely good idea. It saves you time and effort, and can help to automatically catch problems, even when you forget to check for them manually. Of course, an attacker can disable your security checks, but it is rare that they will find everything that they need to disable.

crond

crond is a daemon that executes commands at scheduled times. It is started at boot up and looks for regularly scheduled jobs by scanning /etc/crontab and /var/spool/cron every minute. For example, scripts in the directory /etc/cron.daily are automatically executed every night.
If a script produces any output, that output is automatically mailed to the administrator.
Daemon: A daemon is a program that waits for a request from another program. The daemon then performs the desired action, such as creating an HTTP session, or opening and maintaining a communications socket. Some common daemons include httpd, telnetd, and ftpd.


Create a cron file

Using crond, it is easy to automate security sweeps for sticky files: create a file named /etc/cron.daily/stickyCheck containing the sweep script.
Once you have created this script, save it and make it executable by issuing the following:
chmod 0700 /etc/cron.daily/stickyCheck
This script displays all sticky files whose contents or attributes have been modified within 48 hours. The results of this script will be mailed to root every night.
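A script matching this description, as an added example that is not the lesson's original file. It assumes "sticky files" means regular files with the setuid, setgid or sticky bit set; the function name sticky_check is hypothetical.

```shell
#!/bin/sh
# Added example: one possible /etc/cron.daily/stickyCheck (not the lesson's script).
# Assumption: "sticky files" = regular files with the setuid (4000),
# setgid (2000) or sticky (1000) permission bit set.

# sticky_check ROOT
# Lists matching files under ROOT whose contents (mtime) or attributes
# (ctime: mode, owner, link count) changed less than 2 x 24 hours ago.
# -xdev keeps find on ROOT's own filesystem, so /proc and network mounts
# are skipped; call the function once per local mount point if /usr,
# /home, etc. live on separate partitions.
sticky_check() {
    find "$1" -xdev -type f \
        \( -perm -4000 -o -perm -2000 -o -perm -1000 \) \
        \( -mtime -2 -o -ctime -2 \) \
        -exec ls -ld {} + 2>/dev/null
}

# Run the sweep only when installed under the lesson's file name, so the
# function can also be sourced and exercised against a test directory.
# Any output is mailed to root by crond; no output means no mail.
case "$0" in
    */stickyCheck) sticky_check / ;;
esac
```

Because ctime cannot be set back by an unprivileged process, a file whose mode bits were changed in the last 48 hours is reported even if its mtime has been reset to an old date.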
The next lesson introduces you to RPM verification.