Bug 1150541 - AUDIT-1: cronie-anacron: review of cron job file(s): /etc/cron.hourly/0anacron
AUDIT-1: cronie-anacron: review of cron job file(s): /etc/cron.hourly/0anacron
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks: 1150175
  Show dependency treegraph
 
Reported: 2019-09-12 11:52 UTC by Matthias Gerstner
Modified: 2020-01-30 10:33 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2019-09-12 11:52:42 UTC
+++ This bug was initially created as a clone of Bug #1150175
As discussed in the proactive security team we want to restrict the
installation of cron job files in the future. To achieve this we first need to
cover the currently existing packages that do this.

cronie-anacron installs a cron file in /etc/cron.hourly/0anacron. It should be
reviewed and subsequently whitelisted if all is well.
Comment 1 Matthias Gerstner 2019-11-05 14:13:23 UTC
The 0anacron cron job is a rather simple shell script that runs `anacron -s`
if the system is not on battery power and anacron wasn't already run on the
same day.

anacron itself is sufficiently small and safely designed so I have no worries
keeping the cron job in place.
Comment 2 Matthias Gerstner 2020-01-30 10:33:00 UTC
I already added a whitelisting to GitHub, I will soon submit it to Factory as
well. Therefore closing this bug as FIXED.