One of the key aspects of ensuring robust security practices on systems is restricting crontab access, and only giving access to trusted persons. A cron is a time-based job scheduler in Linux operating systems used to automate backups, make desired updates and installations, and general system maintenance. Two types of access restrictions are involved.
1. Allow access to specified users
Having created a team on Linux systems, there is a great need to give only designated users access to some services. In a previous guide, we covered How to create a user in Linux. To allow access to a user;
echo "username" | sudo tee -a /etc/cron.allow #replace username with the name of the user
2. Deny Access to Unauthorized Users
To deny access to some users:
echo "username" | sudo tee -a /etc/cron.deny #replace username with an existing userHaving made the above updates, ensure to update the cron file permission and ownership. The root user should own the files, and you should restrict the files to permission 644.
sudo chown root:root /etc/cron.allow /etc/cron.deny
sudo chmod 644 /etc/cron.allow /etc/cron.deny
The changes will take effect the next time you restart the cron daemon or when a user creates/edits a new crontab job. We recommend testing the changes in a non-production environment before applying them to a production system.
How to restart the Cron Daemon
Once you configure the controls, restart the cron daemon to apply the changes.
sudo systemctl restart cron #For systems using systemd
sudo service cron restart #For systems using init.d
Besides restricting crontab access, see a list of some other security measures that you can apply to a system to enhance its security posture:
- Firewall Configuration
- Regular Software Updates
- User Authentication and Authorization
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Filesystem Permissions
- Backup and Disaster Recovery
- Disable Unnecessary Services
- Secure Remote Access
Make a donation to support us
Related articles:
- A Practical Tutorial for Dockerizing Software Applications
- How to Configure a Docker App to a Domain Name
- Getting Started with Docker | Docker commands
- How To Run Scripts in Linux
- Deploy a Django Application on EC2 Instance with Nginx
- How to configure a domain to a docker container and install an SSL certificate on AWS
