|
@@ -1057,6 +1057,35 @@ function install_not_on_BBB {
|
1057
|
1057
|
echo 'install_not_on_BBB' >> $COMPLETION_FILE
|
1058
|
1058
|
}
|
1059
|
1059
|
|
|
1060
|
+function randomize_cron {
|
|
1061
|
+ # The predictable default timing of Debian cron jobs might
|
|
1062
|
+ # be exploitable knowledge. Avoid too much predictability
|
|
1063
|
+ # by randomizing the times when cron jobs run
|
|
1064
|
+ if grep -Fxq "randomize_cron" $COMPLETION_FILE; then
|
|
1065
|
+ return
|
|
1066
|
+ fi
|
|
1067
|
+
|
|
1068
|
+ # randomize the day on which the weekly cron job runs
|
|
1069
|
+ randdow=$(($RANDOM%6+1))
|
|
1070
|
+ sed -i "s/* * 7/* $randdow/g" /etc/crontab
|
|
1071
|
+
|
|
1072
|
+ # randomize the time when the weekly cron job runs
|
|
1073
|
+ randmin=$(($RANDOM%60))
|
|
1074
|
+ randhr=$(($RANDOM%3+1))
|
|
1075
|
+ sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
|
|
1076
|
+
|
|
1077
|
+ # randomize the time when the daily cron job runs
|
|
1078
|
+ randmin=$(($RANDOM%60))
|
|
1079
|
+ randhr=$(($RANDOM%3+4))
|
|
1080
|
+ sed -i "s|25 6\t* * *|$randmin $randhr\t|g" /etc/crontab
|
|
1081
|
+
|
|
1082
|
+ # randomize the time when the hourly cron job runs
|
|
1083
|
+ randmin=$(($RANDOM%60))
|
|
1084
|
+ sed -i "s|17 *\t* * *|$randmin *\t|g" /etc/crontab
|
|
1085
|
+
|
|
1086
|
+ echo 'randomize_cron' >> $COMPLETION_FILE
|
|
1087
|
+}
|
|
1088
|
+
|
1060
|
1089
|
function get_cjdns_public_key {
|
1061
|
1090
|
if [ -f /home/$MY_USERNAME/README ]; then
|
1062
|
1091
|
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
|
|
@@ -8523,6 +8552,7 @@ change_debian_repos
|
8523
|
8552
|
enable_backports
|
8524
|
8553
|
configure_dns
|
8525
|
8554
|
install_dynamicdns
|
|
8555
|
+randomize_cron
|
8526
|
8556
|
create_freedns_updater
|
8527
|
8557
|
initial_setup
|
8528
|
8558
|
enforce_good_passwords
|