Introduction
You might have your server setup in such a way that it runs a few tasks with cron so you don’t have to worry about them. Except.. you should. That is if the scheduled tasks send mission critical information over the internet. Now assume you have some kind of security audit software running like say lynis. You sure don’t want that report in the wrong hands since an attacker could really use that information to break into your server way easier than otherwise.
Assumptions
- You have a S/MIME Certificate
- You have root access to your linux web server
- Your server runs on a recent Ubuntu
Encrypting
There are basically two ways of encrypting emails one is GPG and the other S/MIME. Refer to Encrypting cron emails with GPG if you prefer GPG. If you don’t know GPG I highly recommend checking that out as well since I personally consider it way more secure.
- Upload your S/MIME certificate to /home/smime.pem
- Create a file /home/smimecron.sh with following content
emailTo=example@example.com emailFrom=example@example.com ifne /usr/bin/openssl smime -encrypt -text -from $emailFrom -to $emailTo -subject cronlog /home/smime.pem | sendmail $emailTo - Make the script executable chmod a+x /home/smimecron.sh
- For this script to work we need the program ifne installed. Usually if a command has no output to /dev/stdout or /dev/stderr gpg would encrypt an empty string and you would receive an encrypted email that has no content once decrypted. This would be annoying ifne prevents this. To install it run.
apt-get install moreutils - Add the line SMIME_CMD = /home/smimecron.sh somewhere at the top of your /etc/crontab
- Now you can use it by adding | $SMIME_CMD after a command something like this:
* * * * * root echo "test" | $SMIME_CMD