Host Security to protect your System from Intruders
Automating the process of security checking is an extremely good idea. It saves you time and effort, and can help to automatically catch problems, even when you forget to check for them manually.
Of course, an attacker can disable your security checks, but it is rare that they will find everything that they need to disable.
crond is a daemon that executes commands at scheduled times.
It is started at boot up and looks for regularly scheduled jobs by scanning /etc/crontab and
/var/spool/cron every minute. For example, scripts in the directory
/etc/cron.daily are automatically executed every night.
If a script produces any output, that output is automatically mailed to the administrator.
Daemon: A daemon is a program that waits for a request from another program. The daemon then performs the
desired action, such as creating an http session, or opening and maintaining a communications socket. Some common daemons include httpd,
telnetd, and ftpd.
Create a cron file
Using crond, it is easy to automate security sweeps for sticky files; simply create a file named /etc/cron.daily/stickyCheck.
with the information shown in the MouseOover below:
This command simply displays a description of the activity, which in this case is Recent Sticky Files
find / -perm -6000
Use the find command to locate sticky files
Looks for files whose mode has changed
Looks for files that have been modified
Checks if the file was created or modified within the last two days
(each 2 represents 2 days or 48 hours)
( -or )
Groups the search parameters so that they are evaluated together, rather than separately
This tells you that you have reached the end of the file listing.
Create File crond
Once you have created this script, save it and make an executable by issuing the following:
chmod 0700 /etc/cron.daily/stickyCheck.
This script displays all sticky files whose contents or attributes have been modified within 48 hours. The results of this script will be mailed to root every night.
The next lesson introduces you to RPM verification.