Solaris Unrestricted crontab
* Restrict access to crontab
* Configuration remediation steps
* It is recommended that you switch to a white-list of approved crontab
users. In most circumstances, only the administrator requires this access. Note
that restricting crontab access will still allow existing cron jobs from all
users to execute.
* cd /etc/cron.d
* rm -f cron.deny at.deny
* echo root > cron.allow
* echo root > at.allow
* chown root:sys cron.allow at.allow

The crontab user restriction recommendation is utter nonsense.
One of the major reasons to run UNIX is precisely because it
allows users to run their scripts at regular intervals. As a
multiuser operating system, UNIX is meant to have many users
logged in and doing things. When someone breaks in, it never has
anything to do with being or not being able to run cron. The
attacker has root at that point anyway.
All these audits forget that.
--
Empathy is still a core engineering value.
-------------------------------------------
smartos-discuss
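
Added example, not part of the original message or of the audit tool's output: a POSIX shell check that reports the state the quoted remediation steps leave in /etc/cron.d and lists users outside cron.allow whose existing crontabs would keep running, as the audit text notes. The spool path /var/spool/cron/crontabs is assumed to be the usual Solaris location; the user "alice" and the sample job are constructed.

```shell
#!/bin/sh
# Added example: report how crontab/at access is restricted and which users
# outside cron.allow still have crontab files (those jobs keep running).
# On a real system: DIR=/etc/cron.d, SPOOL=/var/spool/cron/crontabs (assumed).

# access_mode DIR NAME -> allowlist | denylist | neither  (NAME: cron or at)
access_mode() {
    if [ -f "$1/$2.allow" ]; then echo allowlist
    elif [ -f "$1/$2.deny" ]; then echo denylist
    else echo neither
    fi
}

# in_list USER FILE -> exit 0 if USER is a whole line of FILE
in_list() {
    while IFS= read -r line || [ -n "$line" ]; do
        [ "$line" = "$1" ] && return 0
    done < "$2"
    return 1
}

# leftover_jobs DIR SPOOL -> users with a crontab in SPOOL not in DIR/cron.allow
leftover_jobs() {
    [ -f "$1/cron.allow" ] || return 0
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        u=$(basename "$f")
        in_list "$u" "$1/cron.allow" || echo "$u"
    done
}

# Constructed sample: state after the remediation, with one pre-existing
# crontab for a hypothetical user "alice".
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/cron.d" "$t/crontabs"
    echo root > "$t/cron.d/cron.allow"
    echo root > "$t/cron.d/at.allow"
    echo '0 3 * * * /opt/report.sh' > "$t/crontabs/alice"
    : > "$t/crontabs/root"
    echo "cron: $(access_mode "$t/cron.d" cron)  at: $(access_mode "$t/cron.d" at)"
    echo "crontabs still active for users outside cron.allow:"
    leftover_jobs "$t/cron.d" "$t/crontabs"
    rm -rf "$t"
}
demo
```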