Solved job schedulling question

[fred974]

Hi all,

I am trying to secure my new VM and iI was wondering if enabling root as the only account with the ability to schedule jobs was a good or a bad idea?

echo "root" > /var/cron/allow
echo "root" > /var/at/at.allow
chmod o= /etc/crontab
chmod o= /usr/bin/crontab
chmod o= /usr/bin/at
chmod o= /usr/bin/atq
chmod o= /usr/bin/atrm
chmod o= /usr/bin/batch

 

[junovitch@]

In at(1)
Regarding /var/at/at.allow and /var/at/at.deny:

If neither exists, only the superuser is allowed use of at. This is the default configuration.

It's different for cron(8) where it is allowed by default and crontab(1) entries are kept under /var/cron/tabs/.

In crontab(1)
Regarding /var/cron/allow and /var/cron/deny:

If neither of these files exists, then depending on site-dependent configuration parameters, only the super user will be allowed to use this command, or all users will be able to use this command.

As far as good or bad idea... It comes down to what threat you are prevent. Read up on the security idea of an asset, threat, vulnerability, and risk. What is the threat you are trying to mitigate? If it's worth the effort to do this then do it.