Encrypting cron emails with S/MIME


You might have your server setup in such a way that it runs a few tasks with cron so you don’t have to worry about them. Except.. you should. That is if the scheduled tasks send mission critical information over the internet. Now assume you have some kind of security audit software running like say lynis. You sure don’t want that report in the wrong hands since an attacker could really use that information to break into your server way easier than otherwise.


  • You have a S/MIME Certificate
  • You have root access to your linux web server
  • Your server runs on a recent Ubuntu


There are basically two ways of encrypting emails one is GPG and the other S/MIME. Refer to Encrypting cron emails with GPG if you prefer GPG. If you don’t know GPG I highly recommend checking that out as well since I personally consider it way more secure.

  1.  Upload your S/MIME certificate to /home/smime.pem
  2. Create a file /home/smimecron.sh with following content
    ifne /usr/bin/openssl smime -encrypt -text -from $emailFrom -to $emailTo -subject cronlog /home/smime.pem | sendmail $emailTo
  3. Make the script executable chmod a+x /home/smimecron.sh
  4. For this script to work we need the program ifne installed. Usually if a command has no output to /dev/stdout or /dev/stderr gpg would encrypt an empty string and you would receive an encrypted email that has no content once decrypted. This would be annoying ifne  prevents this. To install it run.
    apt-get install moreutils
  5. Add the line SMIME_CMD = /home/smimecron.sh  somewhere at the top of your /etc/crontab
  6. Now you can use it by adding  | $SMIME_CMD  after a command something like this:
    * * * * * root echo "test" | $SMIME_CMD


  7. WARNING: Everyone with write access to /home/smimecron.sh could GAIN ROOT ACCESS. So make sure only root can write to it.

Fail2Ban Report


See where the Attacks against your server come from.


Report Layout

The Report will look something like this:

Server attack statistics for the SSH service

Count, IP, Country
37  CN, China
42  CN, China
37  CN, China
42  CN, China
9 CN, China
38   CN, China
44  CN, China
11  CN, China
35  CN, China
42  CN, China
31   CN, China
38  CN, China
8  RU, Russian Federation
36  CN, China
14    CN, China
16    CN, China


Report Script