Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Cron Logs File Permissions

Security


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 07-15-2015
MKH MKH is offline
Registered User
 
Join Date: Nov 2014
Last Activity: 20 October 2015, 8:03 PM EDT
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Cron Logs File Permissions

Are there any security risks in having cron logs readable by all (644)?
We have scheduled some jobs and have issues we want to investigate, but this is justification provided in rejecting our request:
"Cron log will have only read permission for root, we cannot change the permission to make others to read. "
In every *nix environment I have worked, the cron logs have been readable by all.

Is there any valid reason to justify their practice?
Sponsored Links
    #2  
Old Unix and Linux 07-16-2015
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
Join Date: Jun 2007
Last Activity: 15 September 2017, 11:35 AM EDT
Location: Lancashire, UK
Posts: 3,256
Thanks: 1,389
Thanked 630 Times in 569 Posts
Some might say that it gives output to read that someone could then try to attack, e.g. you can see the jobs that root runs and you can check to see if you have write privilege to them, effectively allowing to do anything - change passwords, copy SSH keys, delete critical data, copy sensitive data,....... Linux

The people keeping the restriction might be persuaded to extract the records for the account you are trying to run with. A simple grep would probably do the trick. Linux

They could even schedule it each day with, um, cron I suppose. Linux




Robin
The Following User Says Thank You to rbatte1 For This Useful Post:
MKH (07-16-2015)
Sponsored Links
    #3  
Old Unix and Linux 07-16-2015
sea sea is offline
Registered User
 
Join Date: Sep 2013
Last Activity: 14 October 2016, 2:49 PM EDT
Location: Swissh
Posts: 1,285
Thanks: 256
Thanked 226 Times in 209 Posts
Are you sure you didnt mix the cron jobs (- logs) of the user and root?

As USER:

Code:
crontab -l

# And compare with ::

su -c "crontab -l"

Me dont have cron installed on this machine, and not used cron on arch yet anyhow....
So i dont recall where the user-cron-logs are saved (or if they are the same, dont think so).

hth
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
How to disable cron emails, but only for logrotate only not for other logs? kenshinhimura Shell Programming and Scripting 3 04-08-2015 04:54 PM
Setting default permissions without umask or cron jobs Karunamon Shell Programming and Scripting 2 05-24-2012 11:46 AM
ksh; Change file permissions, update file, change permissions back? right_coaster Shell Programming and Scripting 3 09-30-2011 08:59 AM
File Permissions conflict with Cron RexJacobus UNIX for Dummies Questions & Answers 3 03-29-2009 05:13 PM
AIX and cron logs filtering ?: /etc/cronlog.conf, /var/adm/cron/log Keith Johnson AIX 0 01-09-2008 07:32 PM



All times are GMT -4. The time now is 03:30 AM.