From 1c52727b715dab56ae2ffbc70d4454442114ee9c Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Tue, 10 Mar 2015 18:59:26 +0000
Subject: [PATCH] Randomize default cron job timings
---
 src/freedombone | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/src/freedombone b/src/freedombone
index a545413a..0ae53733 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -1057,6 +1057,35 @@ function install_not_on_BBB {
 echo 'install_not_on_BBB' >> $COMPLETION_FILE
 }
 
+function randomize_cron {
+ # The predictable default timing of Debian cron jobs might
+ # be exploitable knowledge. Avoid too much predictability
+ # by randomizing the times when cron jobs run
+ if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
+ return
+ fi
+
+ # randomize the day on which the weekly cron job runs
+ randdow=$(($RANDOM%6+1))
+ sed -i "s/* * 7/* $randdow/g" /etc/crontab
+
+ # randomize the time when the weekly cron job runs
+ randmin=$(($RANDOM%60))
+ randhr=$(($RANDOM%3+1))
+ sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
+
+ # randomize the time when the daily cron job runs
+ randmin=$(($RANDOM%60))
+ randhr=$(($RANDOM%3+4))
+ sed -i "s|25 6\t* * *|$randmin $randhr\t|g" /etc/crontab
+
+ # randomize the time when the hourly cron job runs
+ randmin=$(($RANDOM%60))
+ sed -i "s|17 *\t* * *|$randmin *\t|g" /etc/crontab
+
+ echo 'randomize_cron' >> $COMPLETION_FILE
+}
+
 function get_cjdns_public_key {
 if [ -f /home/$MY_USERNAME/README ]; then
 if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
@@ -8523,6 +8552,7 @@ change_debian_repos
 enable_backports
 configure_dns
 install_dynamicdns
+randomize_cron
 create_freedns_updater
 initial_setup
 enforce_good_passwords
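Review bot: The unescaped `*` characters in the sed patterns of `randomize_cron` are regex quantifiers rather than literal asterisks, so the expressions do not match the crontab fields they appear to spell out. In the hourly case `17 *\t* * *` matches only `17` plus any following blanks, while the replacement `$randmin *\t` writes a new `*` field, which leaves the hourly line with one time field too many if /etc/crontab is laid out as the pattern implies; the daily edit appears to work only because its replacement omits the `* * *` that the pattern never consumed. The patterns are also unanchored and global, so `47 6` elsewhere in the file, or a `17` minute value written by one of the earlier seds in this function, would be rewritten too. Escaping and anchoring each expression, e.g. `sed -i "s|^17 \*\t\* \* \*|$randmin *\t* * *|" /etc/crontab`, and checking that the edited lines still carry five time fields before recording `randomize_cron` in `$COMPLETION_FILE`, would keep a malformed system crontab from silently disabling scheduled jobs.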