Hi,

I assume you use encryption for a good reason, if that is so you should not undermine its security by automating it and exposing the passphrase. Security comes with responsibility and it does make life a bit harder....

The solution is simple: Decrypt by hand, or at least make sure you need to give the passphrase by hand if you use some sort of automation. Using cron for this would be out of the question in my book.

If, on the other hand, you are also the root user on that box (and no-one else has root access!!) you can implement it the way you do (I'm sure you can trust yourself ).

Hope this helps.

I think this is my problem. Seems to be working now. Will know this weekend if nothing errors out. Thanks for all the help!

Problem being, Our IT dept is small in comparison to how many users and projects we have to take on. If I can automate this simple routine daily, it saves us from doing one more thing daily. Our box is on a secure network with really only a few people who even know about it. I know there is always the possiblilty of someone finding it and trying to get in, but like I said with limited staff, one less thing to worry about would be great.

Now I'm open to suggestions to secure this while still being automated.

Hi,
If all is cosy and safe at the office why use encryption in the first place?

Implementing security this way is wrong. You are aware that +/- 80% of security related incidents are inside-jobs? Automation is a great thing in general, but it comes at a cost if one isn't careful. Putting security in place and breaking it at the same time isn't smart, especially if the sole reason for it is 'one less thing to worry about'. System admins love automating things, but they should know when not to automate.

But in the end the policies of the company dictate what needs to be done and what not. I do hope the (security) managers of the company you work for are aware of this practise and agree with it, if not you could get into trouble.

BTW: Glad to see you got your original problem solved!

I understand security concern. The file isn't encrypted by choice, the company we get the file does it due to their rules. The data is extracted and put into our ERP system which anyone has access who would want it. I would be more concerned with them hacking into our Database then discovering known data being moved around. Like I said, we monitor activity daily and change passwords to accounts on a regular basis. Again thanks for all the help.

Thanks jsanchez2004! I was having the same issue with Debian (wheezy). Adding -l resolved my issue.

Cheers!
Randall

1 members found this post helpful.

I was having issues running a script using java jar files until I used #!/bin/bash -l. thanks all