Is CRON secure?

security cron

In essence it's secure, but also it is another way for an attacker to, once compromised the system, make some backdoor persistent and/or auto-open it anytime you close it.

You can use the files /etc/cron.allow and /etc/cron.deny to just make your user able to use it. Both have the same format: 1 username per line.

  1. If /etc/cron.allow exists, only the users listed there would be able to have a crontab. No more files are taken into account. Kind of a whitelist.
  2. If /etc/cron.allow does not exist, but /etc/cron.deny does, then anyone but those listed there can have a crontab. Kind of a blacklist.
  3. If neither of them exist, then depending on the UNIX/Linux version then anyone may be allowed to use it, or just the super user (Debian/Ubuntu allow anybody, while redhat based versions seems to only allow root).

In ubuntu by default /etc/cron.deny exists. You can create /etc/cron.allow and put there just your user.

Take into account that these files only manage the users allowed to have a personal crontab (ie. execute crontab -e). The system-wide crontab (/etc/crontab, /etc/cron.d/*, /etc/cron.daily/*. /etc/cron.weekly/*, /etc/cron.monthly/*) will work regardless of the cron.allow/cron.deny files.


Yes, it's secure. Just make sure the scripts you run with it are secure. Review them yourself and give them only the rights they need.

Related

Where to put my backup.sh?
Robocopy failure with Windows Server 2008 Scheduled Task
LDAP Users Home Directories
500 OOPS: SSL: cannot load RSA private key vsftpd
Hard Drives: Always on or spin up/down as needed?
Installed puppetmaster, but why do I get "puppetca: command not found"?
Does it make sense to install online spare memory?
TRIM/UNMAP Zvol over iSCSI
redirect rewritten url using haproxy
IIS stopped logging
What can cause 'Network is unreachable' when the link is up, the route is there, and the netmask is correct?
DMARC failure for delivery report