Hi.
You might try:
Linux System Security
ISBN: 0-13-015807-0
Authors: Scott Mann & Ellen L. Mitchell
The Tiger security program is covered pretty well. On page 362,
they explain the check_cron script along with several others.
In fact, pages 341 - 379 are all about Tiger ( where to obtain it, installation, configuration, etc. ). The book is quite good as it covers many security tools in detail.
Hope this helps,
-DK
| [reply] |
I've used Tiger in the past (been a while) but not lately. Are you wanting to check the binaries/scripts run from a crontab for world writeable permissions? If so, you might be safer doing something to just check all executable files for such. Something along the lines of find / -perm o+wx -exec ls -l {} \; might do it; this is off the top of my head so verify with the man page.
Dunno for sure that that would work but it probably would be a better idea. Parsing out the filename from the crontab entry is potentially complicated and could miss similar attack vectors (ie ok maybe the altered executable doesn't get executed via cron but the victim user runs it by hand not realizing that someone else has altered it).
And as suggested, this question probably fits better on a security forum (check out the mailing lists at securityfocus.com, for instance). | [reply]
[d/l] |
Nope. Have not heard of it. You might get a better answer on a security board/group then here.
Question? Why not write a perl script to do that?
| [reply] |
That would be my last option, since parsing through the crontab entries is very complicated. That's why I wanted to try out a program that already does this.
| [reply] |