Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Cron Logs File Permissions

Security


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 07-15-2015   -   Original Discussion by MKH
MKH MKH is offline
Registered User
 
Join Date: Nov 2014
Last Activity: 20 October 2015, 8:03 PM EDT
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Cron Logs File Permissions

Are there any security risks in having cron logs readable by all (644)?
We have scheduled some jobs and have issues we want to investigate, but this is justification provided in rejecting our request:
"Cron log will have only read permission for root, we cannot change the permission to make others to read. "
In every *nix environment I have worked, the cron logs have been readable by all.

Is there any valid reason to justify their practice?
Sponsored Links
    #2  
Old Unix and Linux 07-16-2015   -   Original Discussion by MKH
rbatte1 rbatte1 is offline Forum Staff  
Root armed
 
Join Date: Jun 2007
Last Activity: 17 November 2017, 12:53 PM EST
Location: Lancashire, UK
Posts: 3,365
Thanks: 1,453
Thanked 665 Times in 598 Posts
Some might say that it gives output to read that someone could then try to attack, e.g. you can see the jobs that root runs and you can check to see if you have write privilege to them, effectively allowing to do anything - change passwords, copy SSH keys, delete critical data, copy sensitive data,....... Linux

The people keeping the restriction might be persuaded to extract the records for the account you are trying to run with. A simple grep would probably do the trick. Linux

They could even schedule it each day with, um, cron I suppose. Linux




Robin
The Following User Says Thank You to rbatte1 For This Useful Post:
MKH (07-16-2015)
Sponsored Links
    #3  
Old Unix and Linux 07-16-2015   -   Original Discussion by MKH
sea sea is offline
Registered User
 
Join Date: Sep 2013
Last Activity: 14 October 2016, 2:49 PM EDT
Location: Swissh
Posts: 1,285
Thanks: 256
Thanked 226 Times in 209 Posts
Are you sure you didnt mix the cron jobs (- logs) of the user and root?

As USER:

Code:
crontab -l

# And compare with ::

su -c "crontab -l"

Me dont have cron installed on this machine, and not used cron on arch yet anyhow....
So i dont recall where the user-cron-logs are saved (or if they are the same, dont think so).

hth
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
How to disable cron emails, but only for logrotate only not for other logs? kenshinhimura Shell Programming and Scripting 3 04-08-2015 05:54 PM
Setting default permissions without umask or cron jobs Karunamon Shell Programming and Scripting 2 05-24-2012 12:46 PM
ksh; Change file permissions, update file, change permissions back? right_coaster Shell Programming and Scripting 3 09-30-2011 09:59 AM
File Permissions conflict with Cron RexJacobus UNIX for Dummies Questions & Answers 3 03-29-2009 06:13 PM
AIX and cron logs filtering ?: /etc/cronlog.conf, /var/adm/cron/log Keith Johnson AIX 0 01-09-2008 08:32 PM



All times are GMT -4. The time now is 03:44 AM.