LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 11-02-2006, 12:59 AM   #1
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Rep: Reputation: 62
Slackware's Cron Scheduler: I'm thinking maybe I need to put in a different cron?


Hi all,

Using the new chrootkit reports that the nobody user is in one way or another tied into the crontab, which apparently some worm is known to attack.

I've seen some recommend creating a group for cron and assigning the users, then chmod the crontab binary to the new cron group. Other distror's have the cron.deny and cron.allow and we don't in slack 11.0 and suspect that might be a good thingie to have.

I did a find on my "/" for user nobody for files and a default noob install of slack 11 with huge 26 kernel yeilds 2 files in /sys that are owned by 'nobody' as well.

I'd like to know if I can remove nobody and put a different cron in my slack 11.0

I'm concerned about 'nobody' in my boxen as I see in past years that slackware (&other distro's) had security exploits running services, daemons as the nobody account.

Another reason I'm thinking of doing this is that I turn off my pc when not using it so cron doesnt run it jobs.

Has anyone had any experience removing 'nobody' and putting in a different cron scheduler? Will it break me? Any recommendations?

Thanks in advance.
 
Old 11-02-2006, 06:46 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742
Using the new chrootkit reports that the nobody user is in one way or another tied into the crontab, which apparently some worm is known to attack.
Lupper worm to be exactly which is a 2005-ish XML-RPC and Awstats thing so not some new outbreak AFAIK, see http://cve.mitre.org/cgi-bin/cvename...=CVE-2005-0116 and http://cve.mitre.org/cgi-bin/cvename...=CVE-2005-1921.


Other distro's have the cron.deny and cron.allow and we don't in slack 11.0
Because of defaulting to Dcron. Vixie should be available though.


I'd like to know if I can remove nobody
If listing nobody's crontab shows it's not used for doing system stuff and if /etc/groups show crontab group membership you could remove nobody from that group.
 
Old 11-03-2006, 05:21 AM   #3
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
Thank you unspawn. I'm gonna give removing noboday a try and see what happens. I don't see the crontab showing any tasks, /etc/groups doesn't show nobody either. I do have those two files owned by 'nobody' and they change every boot. So I'm gonna image the pc and give it a shot.

I was wondering, do you have any experience with 'fcron' ? It appears from their site (i stumbled on it looking for vixie as I google'd) that they are actively developing it, and for a user like me, who shuts down every day it may keep those tasks of "updatedb" that slack11 schedules as default to run, and I can supposedly set a 'nice' level to it. That sounds pretty neat, but I didnt know if you had any experiences you might like to share at all

thanks again.
 
Old 11-03-2006, 06:03 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742
You don't have to "image" the machine, just tarball up the offending files.

No experience with Fcron here. A quick tour of the CVE could show another way of decising which crond to use: it shows dcron to have 0 vulns in 2006, fcron had 2 and vixie 1. Something *I* stumbled on while looking for more info was that Vixie appears to allow notations like "@reboot" and "@yearly". Useful.

As far as renicing jobs goes you could start your script with a renice line. I use Bash and a central source file which contains functions like:
Code:
reniceSelf() { local nicelevel="$1"; renice "${nicelevel:=+10}" -p $$ >/dev/null 2>&1; }
So I'll just call "reniceSelf" from within the script or "reniceSelf -5" if the default isn't good enough.
 
Old 11-03-2006, 06:13 AM   #5
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
You don't have to "image" the machine, just tarball up the offending files

I'm still so stuck in my windows ways, trying to break the habbits.

Thanks for the feedback on vixie, I'm going to give that a shot then, and the reniceself looks really promising too. Presently slackware's 'updatedb' via cron is a doozy for performance on some of my really old machines, and I want to add in the aide, rkhunter, ossec and logwatch so that should really help having that.

Thanks again.
 
Old 11-03-2006, 06:25 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742Reputation: 2742
I'm still so stuck in my windows ways, trying to break the habbits.
Well, if you mean being *cautious* that's not bad. If you value the machine and the time you invested in it you should make regular backups anyway, just use a scheme that allows for full + incremental ones.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shell script using /etc/cron.hourly to execute cron.php file? rioguia Programming 3 06-11-2008 08:09 AM
Can any one plz explain why/what for cron.d, cron.daily, cron.weekly etc are there. mavinashbabu Linux - Newbie 4 09-21-2006 01:50 PM
cron.allow and cron.deny in slackware? tl64 Slackware 5 10-13-2005 09:44 PM
[cron][mdk9.1]cron deamon seems to ignore some task... yannrichet Linux - Newbie 5 06-26-2003 09:57 AM
dual entries in cron log for cron.daily cpharvey Linux - General 3 02-27-2003 02:30 PM


All times are GMT -5. The time now is 01:00 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration