Host Security

Lesson 12: Running automated checks
Objective: Describe the cron facility.

Running Automated Checks in Redhat

Host Security to Protect Your System from Intruders

Automating security checks is an extremely good idea. It saves you time and effort, and it catches problems automatically even when you forget to check for them manually. Of course, an attacker can disable your security checks, but it is rare that they will find everything that they need to disable.

crond

crond is a daemon that executes commands at scheduled times. It is started at boot up and looks for regularly scheduled jobs by scanning /etc/crontab and /var/spool/cron every minute. For example, scripts in the directory /etc/cron.daily are automatically executed every night.
If a script produces any output, that output is automatically mailed to the administrator.
Daemon: A daemon is a program that waits for a request from another program. The daemon then performs the desired action, such as creating an HTTP session, or opening and maintaining a communications socket. Some common daemons include httpd, telnetd, and ftpd.

Create a cron file

Using crond, it is easy to automate security sweeps for sticky files: simply create a file named /etc/cron.daily/stickyCheck containing the script whose parts are described below:

  1. This command simply displays a description of the activity, which in this case is "Recent Sticky Files".
  2. find / -perm -6000
     Use the find command to locate sticky files.
  3. -ctime
     Looks for files whose mode has changed.
  4. -mtime
     Looks for files that have been modified.
  5. -2    -2
     Checks if the file was created or modified within the last two days (each 2 represents 2 days, or 48 hours).
  6. (   -or   )
     Groups the search parameters so that they are evaluated together, rather than separately.
  7. echo :: END
     This tells you that you have reached the end of the file listing.
Create File crond
Once you have created this script, save it and make it executable by issuing the following:
chmod 0700 /etc/cron.daily/stickyCheck

This script displays all sticky files whose contents or attributes have been modified within 48 hours. The results of this script will be mailed to root every night.
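The following is a complete version of the stickyCheck script, added here as an example; it is not the course's own file. The search is wrapped in a function so it can be run against a directory of your choosing before it is installed; the function names recent_sticky_files and sticky_report and their ROOT/DAYS arguments are this example's own choices, and -o is simply the POSIX spelling of the -or shown above. One caveat worth knowing: -perm -6000 matches only files that carry both the setuid and the setgid bit, exactly as the course's command does; GNU find accepts -perm /6000 if you want files carrying either bit reported.

```shell
#!/bin/sh
# Added example (not the course's own file): a complete stickyCheck script
# with the search wrapped in a function so it can be run against any
# directory. The function names and their ROOT/DAYS arguments are this
# example's own choices.

# List files under ROOT ($1) that carry the setuid AND setgid bits and whose
# status (-ctime) or contents (-mtime) changed within the last DAYS ($2) days.
# -perm -6000 requires both bits, as in the course's command; GNU find accepts
# -perm /6000 to report files carrying either bit. -o is the POSIX spelling of
# -or. Errors from unreadable directories are discarded so they do not
# clutter the mailed report.
recent_sticky_files() {
    root=$1
    days=$2
    find "$root" -perm -6000 \( -ctime "-$days" -o -mtime "-$days" \) 2>/dev/null
}

# Produce the full report that crond mails to root: a title line, the
# listing, and an end marker so a truncated mail is easy to notice.
sticky_report() {
    echo "Recent Sticky Files"
    recent_sticky_files "${1:-/}" "${2:-2}"
    echo ":: END"
}

# When installed as /etc/cron.daily/stickyCheck, run-parts executes the file
# by that path, so scan the whole filesystem for the last two days. Under any
# other name (for instance when sourced for testing) only the functions are
# defined and nothing is scanned.
case "$0" in
    */stickyCheck) sticky_report / 2 ;;
esac
```

To try it on a single directory before installing, source the file and call sticky_report /usr/local 2; any output it produces becomes the body of the nightly mail once the script lives in /etc/cron.daily.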
The next lesson introduces you to RPM verification.