Encrypting cron emails with S/MIME

Introduction

You might have your server set up so that cron runs a few tasks and you don't have to worry about them. Except you should, if those scheduled tasks send mission-critical information over the internet. Suppose you run security audit software such as lynis. You don't want that report to end up in the wrong hands, since an attacker could use that information to break into your server far more easily than otherwise.

Assumptions

  • You have an S/MIME certificate
  • You have root access to your Linux web server
  • Your server runs a recent Ubuntu

Encrypting

There are basically two ways of encrypting emails: GPG and S/MIME. Refer to Encrypting cron emails with GPG if you prefer GPG. If you don't know GPG, I highly recommend checking it out as well, since I personally consider it way more secure.

  1. Upload your S/MIME certificate to /home/smime.pem
  2. Create a file /home/smimecron.sh with the following content:
    #!/bin/sh
    # Encrypt stdin to the recipient certificate and mail it; ifne skips both steps on empty input.
    emailTo=example@example.com
    emailFrom=example@example.com
    ifne /usr/bin/openssl smime -encrypt -text -from "$emailFrom" -to "$emailTo" -subject cronlog /home/smime.pem | ifne sendmail "$emailTo"
  3. Make the script executable: chmod a+x /home/smimecron.sh
  4. For this script to work, the program ifne must be installed. Without it, whenever a command has no output to /dev/stdout or /dev/stderr, an empty string would be encrypted and you would receive an encrypted email that has no content once decrypted. That would be annoying; ifne prevents it. To install it, run:
    apt-get install moreutils
  5. Add the line SMIME_CMD = /home/smimecron.sh somewhere at the top of your /etc/crontab
  6. Now you can use it by adding | $SMIME_CMD after a command, something like this:
    * * * * * root echo "test" | $SMIME_CMD
  7. WARNING: Everyone with write access to /home/smimecron.sh could GAIN ROOT ACCESS. So make sure only root can write to it.
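
One way to check the condition in step 7, as an added example that is not part of the original post. It goes beyond the file itself and also walks the parent directories, because write access to a parent directory lets a user replace the script. The function name audit_cron_helper and its arguments are hypothetical; GNU stat and readlink (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat/readlink.
# audit_cron_helper PATH [OWNER_UID] [TOP]
#   PATH       script that cron runs as root, e.g. /home/smimecron.sh
#   OWNER_UID  uid that must own PATH and its directories (default 0 = root)
#   TOP        directory at which to stop walking upwards (default /)
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if missing.
audit_cron_helper() {
    owner=${2:-0}
    [ -e "$1" ] || { echo "missing: $1"; return 2; }
    cur=$(readlink -f "$1")
    top=$(readlink -f "${3:-/}")
    rc=0
    while :; do
        uid=$(stat -c %u "$cur")
        mode=$(stat -c %a "$cur")      # octal, e.g. 755 or 1777
        if [ "$uid" != "$owner" ]; then
            echo "owner uid $uid (expected $owner): $cur"
            rc=1
        fi
        # A 2, 3, 6 or 7 in the group or other digit means the write bit is set.
        case $mode in
            *[2367]?|*[2367])
                echo "group/world writable (mode $mode): $cur"
                rc=1 ;;
        esac
        if [ "$cur" = "$top" ] || [ "$cur" = / ]; then
            break
        fi
        cur=$(dirname "$cur")
    done
    return "$rc"
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_cron_helper "$@"
fi
```

Run it as root with /home/smimecron.sh as the only argument; any finding can be corrected with chown root:root and chmod go-w on the path it names.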

Fail2Ban Report

Introduction

See where the attacks against your server come from.

 

Report Layout

The report will look something like this:

------------------------------------------------------
Server attack statistics for the SSH service

Count, IP, Country
37   121.18.238.104  CN, China
42   221.194.44.231  CN, China
37   221.194.47.208  CN, China
42   221.194.44.195  CN, China
9    180.140.162.115 CN, China
38   121.18.238.98   CN, China
44   221.194.47.224  CN, China
11   180.140.161.30  CN, China
35   121.18.238.114  CN, China
42   121.18.238.109  CN, China
31   119.249.54.71   CN, China
38   221.194.47.249  CN, China
8    91.197.232.109  RU, Russian Federation
36   221.194.44.224  CN, China
14   59.63.166.83    CN, China
16   222.47.26.17    CN, China
------------------------------------------------------

 

Report Script

https://gist.github.com/philippmayrth/9f5b140e3f9dfe56eeaabe09d3e59a3b