Bug 1150533 - AUDIT-1: atop-daemon: review of cron job file(s): /etc/cron.d/atop
AUDIT-1: atop-daemon: review of cron job file(s): /etc/cron.d/atop
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
Depends on:
Blocks: 1150175
  Show dependency treegraph
Reported: 2019-09-12 11:27 UTC by Matthias Gerstner
Modified: 2020-01-30 10:00 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2019-09-12 11:27:04 UTC
+++ This bug was initially created as a clone of Bug #1150175
As discussed in the proactive security team we want to restrict the
installation of cron job files in the future. To achieve this we first need to
cover the currently existing packages that do this.

atop-daemon install a cron file in /etc/cron.d/atop. It should be reviewed and
subsequently whitelisted if all is well.
Comment 1 Matthias Gerstner 2019-11-04 15:16:49 UTC
I've reviewed the cron job. It calls `systemctl restart atop` which in turn
runs /usr/share/atop/atop.daily. This bash script restarts a potentially
running atop-daemon. It should be safe.

The PIDFILE handling logic might allow to trick it to send a SIGUSR2 to a
process owned by an attacker in some situations. But I don't think that's very
security relevant.
Comment 2 Matthias Gerstner 2020-01-30 10:00:09 UTC
I have already whitelisted this cron job. Everything should be fine. Therefore
closing this bug as FIXED.