Section 16.16 Cron: Watching the Crackers

   



The cron facility is very helpful for periodically doing the various analyses necessary for a SysAdmin to detect problems on a system. Having it do periodic analysis on log files is an excellent idea. The following root crontab entry is illustrative. (To use this, you will need to remove the "\" and the following newline character.)

 
 0 9 * * * /bin/grep -v demuxprotrej: /var/adm/secure \
 | tail -500 | mailx -s \
 'research.pentacorp security report' bob@pentacorp.com

In this case, grep -v ignores the demuxprotrej: warnings that you do not care about.

Additional grep commands could be used to search for or ignore additional items. Keep in mind that crackers can use crontabs similarly against you. Although I have not heard of it being done, a cracker could use a crontab entry to periodically invoke a Trojan horse. Unless the crontab entries are studied, this is hard to detect because most of the time there will be no evil process running. He could even invoke a standard program for this purpose, so searches for Trojan programs will turn up nothing. Certainly, this is a job for Tripwire.
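One way to study the crontab entries for unexpected changes: an added example (not from the book, and a minimal stand-in for a Tripwire-style check, not Tripwire itself) that hashes crontab files against a stored baseline. The function names are hypothetical, and the directories you pass in are an assumption, since crontab locations vary by system.

```shell
#!/bin/sh
# Added example: hash-based baseline of crontab files.
# Limitation: paths containing whitespace are not handled (crontab file
# names are normally user names, so this is rarely an issue).

# cron_snapshot DIR... : print "sha256  path" for every regular file,
# sorted by path. Save the output as the baseline while the system is
# known to be clean.
cron_snapshot() {
    find "$@" -type f -exec sha256sum {} + | sort -k 2
}

# cron_changes BASELINE DIR... : compare the current state with BASELINE.
# Prints one ADDED/CHANGED/REMOVED line per differing file.
# Returns 0 if nothing differs, 1 if something does, 2 on setup failure.
cron_changes() {
    baseline=$1; shift
    current=$(mktemp) || return 2
    cron_snapshot "$@" > "$current"
    # awk reads the baseline first, then the current snapshot, keyed on path.
    report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in old))       print "ADDED   " $2
          else if (old[$2] != $1) print "CHANGED " $2 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run from cron, this fits the mail pattern shown earlier: mail the output only when cron_changes returns non-zero. Keep the baseline somewhere an intruder with root on this host cannot rewrite it.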


   


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260
