Re: Creating a randomized cron entry

To: debian-mentors@lists.debian.org
Subject: Re: Creating a randomized cron entry
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 19 Dec 2005 22:54:23 +0100
Message-id: <87slso92i8.fsf@mid.deneb.enyo.de>
In-reply-to: <87acf223bk.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Thu, 15 Dec 2005 09:05:03 +0100")
References: <87acf223bk.fsf@mid.deneb.enyo.de>

For future reference, here's what I've implemented in debsecan:

There is a script, /usr/sbin/debsecan-create-cron, which creates a
file /etc/cron.d/debsecan (if it does not exist yet).  The file
contains a line "# AUTOMATICALLY GENERATED", and if this line is found
in the file, it will be removed when the package is purged.

The cron entry contains a randomized minute, and requests execution
every hour.  debsecan itself checks if it hasn't run during the same
day (local time), and if it's past 2am.  Only then the vulnerability
data is downloaded, and processing continues.

This doesn't deal with systems which aren't online for at least 60
minutes in a row, but on such systems, it's probably not a good idea
to download 70K of data automatically anyway.

(I will add a debconf question (medium priority, default yes) and
create the cron entry automatically if the user doesn't object -- but
first, I have to get rid of that dreaded --suite parameter.  I've
discovered how to approach is problem, but I haven't written any code
yet.)

Reply to:

References:
- Creating a randomized cron entry
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Proposal for collaborative maintenance of packages
Next by Date: Re: Creating a randomized cron entry
Previous by thread: Re: Creating a randomized cron entry
Next by thread: possibly undefined macro: AS_FOR_TARGET
Index(es):
- Date
- Thread