Randomize default cron job timings

2015-03-10 18:59:26 +00:00 · 2015-03-10 18:59:26 +00:00 · 1c52727b71
parent 5a60a8f29d
commit 1c52727b71
1 changed files with 30 additions and 0 deletions
--- a/src/freedombone
+++ b/src/freedombone
@ -1057,6 +1057,35 @@ function install_not_on_BBB {
  echo 'install_not_on_BBB' >> $COMPLETION_FILE
 }

+function randomize_cron {
+  # The predictable default timing of Debian cron jobs might
+  # be exploitable knowledge. Avoid too much predictability
+  # by randomizing the times when cron jobs run 
+  if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
+      return
+  fi
+
+  # randomize the day on which the weekly cron job runs
+  randdow=$(($RANDOM%6+1))
+  sed -i "s/* * 7/* $randdow/g" /etc/crontab
+
+  # randomize the time when the weekly cron job runs
+  randmin=$(($RANDOM%60))
+  randhr=$(($RANDOM%3+1))
+  sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
+
+  # randomize the time when the daily cron job runs
+  randmin=$(($RANDOM%60))
+  randhr=$(($RANDOM%3+4))
+  sed -i "s|25 6\t* * *|$randmin $randhr\t|g" /etc/crontab
+
+  # randomize the time when the hourly cron job runs
+  randmin=$(($RANDOM%60))
+  sed -i "s|17 *\t* * *|$randmin *\t|g" /etc/crontab
+
+  echo 'randomize_cron' >> $COMPLETION_FILE
+}
+
 function get_cjdns_public_key {
  if [ -f /home/$MY_USERNAME/README ]; then
      if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
@ -8523,6 +8552,7 @@ change_debian_repos
 enable_backports
 configure_dns
 install_dynamicdns
+randomize_cron
 create_freedns_updater
 initial_setup
 enforce_good_passwords