The numbers specify when cron should run the command described by the rest of the line. There are five fields which are, from left to right: minute, hour, day of month, month, and day of week. Where an asterisk is used, it means "I don't care" (any value). So the four scheduled jobs in the default Red Hat Linux 9 crontab are run at the following times:

Scheduled Time    Interpretation
01 * * * *        01 minutes past each hour
02 4 * * *        04:02 every day
22 4 * * 0        04:22 every Sunday (1=Monday, 2=Tuesday, etc.; Sunday=0 or 7)
42 4 1 * *        04:42 on the 1st day of every month

The jobs are essentially similar: each runs the run-parts script as root and passes it the name of a directory (e.g. /etc/cron.hourly for the job run at 1 minute past each hour). The run-parts script simply runs every executable file it finds in the directory it is given (except files whose names end in ~ or , and a few other exceptions). Since everything in those directories is executed as root, the directories and the files in them must be writable only by root; a script that any other user can edit or drop into /etc/cron.daily is run as root at 04:02 the next day.

If we look in the /etc/cron.daily directory, we'll see a file called 00-logwatch, which is a symbolic link to the logwatch command. All this means that, at 04:02 every day, the root user will be mailed a message containing summaries of important information entered into various log files in /var/log the previous day.

This is all set up for us when Red Hat Linux is installed, but now that we know how it works, we can adjust the configuration to suit. If, for example, we'd like more information in the messages, we can simply edit /etc/log.d/logwatch.conf and change the Detail = Low line to Detail = High. Maybe we'd like the message to be sent at a different time, say 00:15. Easy: just delete the file 00-logwatch from /etc/cron.daily (so logwatch is no longer run by the 04:02 daily job) and add the following line to /etc/crontab:

    15 00 * * * root /usr/sbin/logwatch

It's as simple as that.
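The field rules above, as an added worked example (this is not code from the page, from cron or from Red Hat): a small Python interpreter for the five schedule fields that reports, for each job line of a system crontab, the next minute at which it fires. The sample crontab (the four default Red Hat Linux 9 jobs plus the logwatch line) and the reference time of 1 April 2003, 04:00 are constructed for the example. It also applies one rule the page does not mention but Vixie cron documents in crontab(5): when both the day-of-month and the day-of-week fields are restricted, the job runs when either of them matches.

```python
from datetime import datetime, timedelta

# Constructed sample: the default Red Hat Linux 9 /etc/crontab jobs plus the
# logwatch line from the text (environment lines like MAILTO are skipped).
DEFAULT_CRONTAB = """\
SHELL=/bin/bash
MAILTO=root
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
15 00 * * * root /usr/sbin/logwatch
"""

# Allowed values per field: minute, hour, day of month, month, day of week.
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]


def parse_field(text, lo, hi):
    """Expand one schedule field into the set of integers it matches.
    '*' means "I don't care" (every value in lo..hi); comma lists, a-b
    ranges and a trailing /step are accepted as well."""
    values = set()
    for part in text.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(part)
        if not (lo <= start <= end <= hi):
            raise ValueError(f"field {text!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_job(line):
    """Split a system-crontab line: five schedule fields, user, command."""
    parts = line.split(None, 6)
    if len(parts) < 7:
        raise ValueError(f"not a job line: {line!r}")
    minute, hour, dom, month, dow = (
        parse_field(p, lo, hi) for p, (lo, hi) in zip(parts[:5], FIELD_RANGES))
    if 7 in dow:            # Sunday may be written as 0 or 7; keep only 0
        dow.discard(7)
        dow.add(0)
    return {"minute": minute, "hour": hour, "dom": dom, "month": month,
            "dow": dow,
            # Vixie cron treats a day field as unrestricted if it starts with '*'
            "dom_any": parts[2].startswith("*"),
            "dow_any": parts[4].startswith("*"),
            "user": parts[5], "command": parts[6]}


def matches(job, when):
    """Does the schedule fire at this minute?  Python counts Monday as 0,
    cron counts Sunday as 0, hence the conversion."""
    cron_dow = (when.weekday() + 1) % 7
    dom_ok = when.day in job["dom"]
    dow_ok = cron_dow in job["dow"]
    if job["dom_any"] or job["dow_any"]:
        day_ok = dom_ok and dow_ok
    else:                   # both restricted: either one matching is enough
        day_ok = dom_ok or dow_ok
    return (when.minute in job["minute"] and when.hour in job["hour"]
            and when.month in job["month"] and day_ok)


def next_run(job, now, horizon_days=400):
    """First minute strictly after `now` at which the job fires, or None."""
    t = now.replace(second=0, microsecond=0) + timedelta(minutes=1)
    end = t + timedelta(days=horizon_days)
    while t < end:
        if matches(job, t):
            return t
        t += timedelta(minutes=1)
    return None


def next_runs(crontab_text, now_iso):
    """(command, 'YYYY-MM-DD HH:MM') for every job line in crontab_text."""
    now = datetime.fromisoformat(now_iso)
    out = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue        # blank line, comment or environment setting
        job = parse_job(line)
        when = next_run(job, now)
        out.append((job["command"],
                    when.strftime("%Y-%m-%d %H:%M") if when else None))
    return out


if __name__ == "__main__":
    for command, when in next_runs(DEFAULT_CRONTAB, "2003-04-01T04:00"):
        print(f"{when}  {command}")
```

The minute-by-minute search is deliberately simple; it is the matching rule, not the speed, that matters when you are checking what a crontab line an intruder added will actually do and when.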
System Integrity

Once a hacker has gained access to a system, they will often want to install modified versions of system files to ensure their continued access and to gather more information that will help them achieve their objectives. If our security analysis has identified this threat as one we need to consider, we need some means of identifying when our system may have been compromised in this way, so that we can take remedial action (restore the compromised file from a trusted backup). But if we check the system for modified files, we'll not only identify files modified by intruders; we'll also identify files that may have been inadvertently modified by authorized individuals, or that have become corrupt because of hardware problems (e.g. bad blocks appearing on disk drives). Enter Tripwire...

Tripwire

Tripwire is an Open Source system integrity checker that is available for Red Hat Linux. It is a useful weapon in the system administrator's armory, so this section will take you through obtaining it and setting it up. Bear in mind that a checker of this kind compares the system against a stored baseline, so the baseline is only worth anything if it was taken while the system was known to be clean and is kept somewhere an intruder with root access cannot rewrite it to match their changes. Note also that when Tripwire scans the system to detect changes, it's doing a lot of work and will hit the processor(s) and file I/O hard.
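To show what an integrity checker actually does, here is an added example in Python (not Tripwire's code, and not its database or policy format): take a baseline of every file under a directory, then compare a later scan against it and report what was added, removed or changed. The scenario in demo() is constructed in a temporary directory: a fake bin/ is baselined, then ps is replaced by a same-size fake with its timestamps put back, ls is made setuid, a backdoor is dropped in and login is deleted. The comparison catches all four because it keys on the content hash and the inode metadata, not on modification times, which the attacker resets in one call.

```python
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """What the baseline remembers about one path: a content hash for regular
    files, the link target for symlinks, and the inode metadata (type, mode,
    owner, size) an intruder would have to forge.  mtime is kept for the
    report only; it is not trusted, since utime() resets it in one call."""
    st = os.lstat(path)
    rec = {"type": stat.S_IFMT(st.st_mode), "mode": stat.S_IMODE(st.st_mode),
           "uid": st.st_uid, "size": st.st_size, "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    return rec


def take_baseline(root):
    """Record every file and symlink below root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline


# Attributes whose change is reported; mtime is deliberately not among them.
COMPARED = ("sha256", "target", "type", "mode", "uid", "size")


def compare(baseline, current):
    """Report added and removed paths, and for surviving paths which of the
    compared attributes differ."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    for path in sorted(set(baseline) & set(current)):
        diffs = [k for k in COMPARED
                 if baseline[path].get(k) != current[path].get(k)]
        if diffs:
            report["changed"][path] = diffs
    return report


def demo():
    """Constructed scenario in a temporary directory: baseline a fake bin/,
    then do what a rootkit does (swap ps for a same-size fake and restore the
    old timestamps, make ls setuid, add a backdoor, delete login) and compare."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        for name in ("ls", "ps", "login"):
            path = os.path.join(bindir, name)
            with open(path, "wb") as f:
                f.write(b"#!/bin/sh\necho real " + name.encode() + b"\n")
            os.chmod(path, 0o755)
        os.symlink("bin/login", os.path.join(root, "login-link"))
        baseline = take_baseline(root)

        ps = os.path.join(bindir, "ps")
        before = os.lstat(ps)
        with open(ps, "wb") as f:
            f.write(b"#!/bin/sh\necho fake ps\n")          # same length as the original
        os.utime(ps, (before.st_atime, before.st_mtime))   # timestamps put back
        os.chmod(os.path.join(bindir, "ls"), 0o4755)       # setuid ls
        with open(os.path.join(bindir, "sshd2"), "wb") as f:
            f.write(b"backdoor")                           # constructed content
        os.remove(os.path.join(bindir, "login"))           # login-link now dangles
        return compare(baseline, take_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A real deployment differs in two ways this sketch skips: the baseline file and the checker binary must live where root on the monitored host cannot silently rewrite them (Tripwire signs its database and policy; read-only media is the traditional answer), and the checker has to be run from a trusted copy, since a rootkit that replaced ps will happily replace the checker too.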