Randomize default cron job timings

This commit is contained in:
Bob Mottram 2015-03-10 18:59:26 +00:00
parent 5a60a8f29d
commit 1c52727b71
1 changed files with 30 additions and 0 deletions

View File

@ -1057,6 +1057,35 @@ function install_not_on_BBB {
echo 'install_not_on_BBB' >> $COMPLETION_FILE
}
function randomize_cron {
# The predictable default timing of Debian cron jobs might
# be exploitable knowledge. Avoid too much predictability
# by randomizing the times when cron jobs run
if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
return
fi
# randomize the day on which the weekly cron job runs
randdow=$(($RANDOM%6+1))
sed -i "s/* * 7/* $randdow/g" /etc/crontab
# randomize the time when the weekly cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+1))
sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
# randomize the time when the daily cron job runs
randmin=$(($RANDOM%60))
randhr=$(($RANDOM%3+4))
sed -i "s|25 6\t* * *|$randmin $randhr\t|g" /etc/crontab
# randomize the time when the hourly cron job runs
randmin=$(($RANDOM%60))
sed -i "s|17 *\t* * *|$randmin *\t|g" /etc/crontab
echo 'randomize_cron' >> $COMPLETION_FILE
}
function get_cjdns_public_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
@ -8523,6 +8552,7 @@ change_debian_repos
enable_backports
configure_dns
install_dynamicdns
randomize_cron
create_freedns_updater
initial_setup
enforce_good_passwords