/etc/crontab file issue
-
Hi,
I've set up a quick file integrity script using mtree to store the hashes of a few select files.
One of these is /etc/crontab - so I can monitor if anything gets added or removed. If the hash changes, I'll know the file has changed somehow and can investigate.
However, I've noticed that on reboot this file is re-created (which wouldn't normally be an issue) except that the date/time of creation is stamped into the file which, of course, immediately alters the hash.
e.g. Created: April 25, 2016, 5:13 pm
Is there any way to disable the adding of the date stamp? I'm not sure why it's needed since we have the ctime attribute…
Thanks.
-
Is /etc/crontab created on the fly from saved config? And that config could change because of the web interface? That could be a reason why the timestamp is in the file. It may also be possible to grep through the startup code to see what is pushing the timestamp and simply comment it out.
-
@mer:
Is /etc/crontab created on the fly from saved config? And that config could change because of the web interface? That could be a reason why the timestamp is in the file. It may also be possible to grep through the startup code to see what is pushing the timestamp and simply comment it out.
Great suggestion!
I managed to find the function in question (https://github.com/pfsense/pfsense/blob/master/src/etc/inc/services.inc#L2565).
Here is the excerpt:
    if (is_array($config['cron']['item'])) {
        $crontab_contents .= "#\n";
        $crontab_contents .= "# " . gettext("pfSense specific crontab entries") . "\n";
        /* $crontab_contents .= "# " .gettext("Created:") . " " . date("F j, Y, g:i a") . "\n"; */ // <-------------------- COMMENTED OUT THIS LINE
        $crontab_contents .= "#\n";

        if (isset($config['system']['proxyurl']) && !empty($config['system']['proxyurl'])) {
            $http_proxy = $config['system']['proxyurl'];
            if (isset($config['system']['proxyport']) && !empty($config['system']['proxyport'])) {
                $http_proxy .= ':' . $config['system']['proxyport'];
            }
            $crontab_contents .= "HTTP_PROXY={$http_proxy}";
        }

        foreach ($config['cron']['item'] as $item) {
            $crontab_contents .= "\n{$item['minute']}\t";
            $crontab_contents .= "{$item['hour']}\t";
            $crontab_contents .= "{$item['mday']}\t";
            $crontab_contents .= "{$item['month']}\t";
            $crontab_contents .= "{$item['wday']}\t";
            $crontab_contents .= "{$item['who']}\t";
            $crontab_contents .= "{$item['command']}";
        }

        $crontab_contents .= "\n#\n";
        $crontab_contents .= "# " . gettext("If possible do not add items to this file manually.") . "\n";
        $crontab_contents .= "# " . gettext("If done so, this file must be terminated with a blank line (e.g. new line)") . "\n";
        $crontab_contents .= "#\n\n";
    }
This works as expected.
However, can I ask: is it safe to just comment out that line like that, or will it screw things up? Should I instead just remove the "date("F j, Y, g:i a")" or something to keep the same number of lines?
-
You could simply ignore that line in the crontab file.
sed '/Created/d' /etc/crontab
Will display the contents of the file with any lines containing "Created" removed. Pipe that into md5 (or other hash calculator) and you have a hash that should not change with creation date.
sed '/Created/d' /etc/crontab | md5
-
You could simply ignore that line in the crontab file.
sed '/Created/d' /etc/crontab
Will display the contents of the file with any lines containing "Created" removed. Pipe that into md5 (or other hash calculator) and you have a hash that should not change with creation date.
sed '/Created/d' /etc/crontab | md5
Thanks - that's another good suggestion.
In the end I just left the commented out change in settings.inc.
I basically had a run through the PHP function above to see what it is actually doing and with a few quick lookups in the online documentation, figured my change was safe. The "pfSense specific crontab entries" line is the one that needs to remain there due to the array split condition above. :)
Thanks again all.
-
Just remember that your edit to the PHP file may not survive an update. If that file is updated in the repository your change will be overwritten.
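
The filter-before-hashing approach from the sed reply above, as an added example that is not part of the original thread: it hashes the crontab with only the generated "# Created:" comment removed, so services.inc can stay unmodified across updates. The function names, the SHA-256 choice and the sample cron entries are assumptions constructed for illustration, and the "Created:" label is assumed to be in English.

```sh
#!/bin/sh
# Added example (not from the thread): timestamp-tolerant hash of a crontab.

# Pick a SHA-256 tool: sha256sum (Linux) or sha256 -q (FreeBSD/pfSense).
hash_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        sha256 -q
    fi
}

# Hash a crontab with the timestamp comment removed. The pattern is anchored
# to the start of the generated comment line, so a line that merely contains
# the word "Created" somewhere else still counts toward the hash.
# Assumption: English UI (the label goes through gettext() in the excerpt).
crontab_hash() {
    sed '/^# Created: /d' "$1" | hash_stdin
}

# $1 = crontab, $2 = baseline file. Returns 0 unchanged, 1 changed, 2 no baseline.
crontab_check() {
    [ -r "$2" ] || return 2
    [ "$(crontab_hash "$1")" = "$(cat "$2")" ]
}

# Constructed sample file: $1 = path, $2 = timestamp text, $3 = optional extra entry.
make_sample() {
    {
        printf '#\n# pfSense specific crontab entries\n'
        printf '# Created: %s\n#\n' "$2"
        printf '1\t3\t*\t*\t*\troot\t/usr/bin/nice -n20 /etc/rc.example\n'
        [ -n "$3" ] && printf '%s\n' "$3"
        printf '#\n\n'
    } > "$1"
}

# Demo on constructed data: a reboot changes only the timestamp; an edit adds a line.
tmp=$(mktemp -d)
make_sample "$tmp/boot1" "April 25, 2016, 5:13 pm"
make_sample "$tmp/boot2" "April 26, 2016, 9:02 am"
make_sample "$tmp/edited" "April 26, 2016, 9:02 am" "*/5 * * * * root /usr/local/bin/Created-report.sh"
crontab_hash "$tmp/boot1" > "$tmp/baseline"
crontab_check "$tmp/boot2" "$tmp/baseline" && echo "after reboot: unchanged"
crontab_check "$tmp/edited" "$tmp/baseline" || echo "after edit: CHANGED"
rm -rf "$tmp"
```

The same anchored sed filter can feed md5 instead if the stored baseline was produced with md5.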