These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for What are these crontab programs doing? on the new forum.
What are the functions of each of these crontab programs?
Being a security freak and no documentation about any crontab additions I disabled all of these until some sort of info is given about them.
/etc/webmin/virtual-server/sendratings.pl
/etc/webmin/virtual-server/spamclear.pl
/etc/webmin/virtual-server/maillog.pl
/etc/webmin/virtual-server/spamconfig.pl
/etc/webmin/virtual-server/collectinfo.pl
/etc/webmin/virtual-server/fcgiclear.pl
/etc/webmin/virtual-server/licence.pl
Hey Scott,
Trust us.
Just kidding, of course. I agree that they should all be documented, and I'll make sure they get documented in the new Virtualmin wiki.
In the meantime, here's a rundown of exactly what they all do, and identifies the two that phone home and why:
/etc/webmin/virtual-server/sendratings.pl - Updates Install Script ratings (the little star indicators). This is so your users can know what the best rated scripts are. Disabling it is harmless, but you won't get ratings and your ratings won't be applied to the Virtualmin.com total. It's just a fun feature that we think gives some extra value to the Install Scripts module--it helps answer the question, that I'm sure many of your users have, "Which wiki/blog/whatever script is the most popular one?". This script phones home (home being Virtualmin.com) periodically, and only shares ratings data. Ideally we'll add a way to review scripts in more detail on Virtualmin.com in the not too distant future.
/etc/webmin/virtual-server/spamclear.pl - Deletes old spam from users spam folders, if they've opted to do so. Disabling it means your users need to manually empty their spam folder periodically (or just take up a lot of space). It is likely this will also become a "learning" tool so that everyones spam is used to train a system-wide, and possibly world-wide, statistical analysis tool, like the Bayesian filter in SpamAssassin or CRM114 (in the future). It does not phone home, but we may add an option to have it phone home for aggregated anonymized corpus support (gmail is so good with spam prevention because they have so many users helping refine their filters...Virtualmin email users number in the tens of thousands now, and that'll only increase going forward...it could be a very effective mechanism for spotting spam).
/etc/webmin/virtual-server/maillog.pl - Analyses mail usage for the new mail reporting features. Disabling it means you won't be able to use the mail reporting features. These will be getting quite a bit more advanced over time. This does not phone home and will never have any reason to do so.
/etc/webmin/virtual-server/spamconfig.pl - I'm actually not sure why this is a cronjob rather than a one-time thing on SpamAssassin config updates, but I assume Jamie knows better than I when it needs to run to keep things spinning nicely. I guess it's to allow editing of the file directly. Basically it syncs up changes from the global config to the per-domain configs. It does not phone home and would never have any reason to do so.
/etc/webmin/virtual-server/collectinfo.pl - Builds the database from which the System Information page is built. If you disable it, system information will not be up to date, or will be built from scratch every time you load the page. It doesn't phone home, currently, but probably will in the future to enable a number of monitoring tools we're building for Virtualmin.com. The monitoring stuff will be optional, but we believe it'll be very useful (and actually mirrors, for free, a major feature of one of our upcoming products).
/etc/webmin/virtual-server/fcgiclear.pl - Cleans up old fcgi processes. This is a side effect of a few buggy mod_fcgid versions and php scripts out there. We'll hopefully get to the point where this script never finds anything to prune among the scripts that we install, but we'll never have control over all scripts and applications that might need minding. If you aren't seeing fcgi processes hanging around for a long time, disabling it is harmless. If you find that a few days later, you have dozens or hundreds of stray fcgi/php scripts hanging around, you might consider re-enabling it. Obviously, this has no reason to phone home.
/etc/webmin/virtual-server/licence.pl - This one keeps up with your license. Disabling it will trigger a license warning on the System Information page. It's going to become more interesting in the near future, as we begin integrating our license manager with the new status monitoring application mentioned above. This script phones home periodically, but only sends/receives license data. Disabling it is going to confuse our licensing system and cause problems with updates, so even if you disable everything else, you need to keep this one running.
In short, we're not getting all up in your business. ;-)
All but the licence.pl are doing minor housekeeping work so that you don't have to do it manually (or so that you don't have to wait while it happens in real-time whenever you load a page). licence.pl takes the place of more intrusive mechanisms of license checks that our competitors use (as you may know, ours doesn't shut down your system in the event of an expired license, and we don't tie you to specific IP and make you call us or contact us to move to another server). In fact, if you've ever had to think about our licensing mechanisms (aside from paranoia over the cronjob), then we consider it a bug and we'll figure out how to make it less obtrusive.
Holler if clarity is lacking on any of these. We're not hiding anything (and the source is all there, so anyone who thinks we might be hiding something sinister can dig in for a closer look).
--
Check out the forum guidelines!
I got a suggestion for the license monitoring. Instead of a cron job which is really useless why not a trigger each time VM is accessed? Say once a day it checks instead of a cronjob.
As for anything that "phones home" those programs should be listed in a full discloser area and listed in the privacy policy that guarantees that no personal information is being collected. Users will be paranoid about anything that "phones home".
Overall you should at least comment the files to explain what they are needed for.
According to my crontab file, the license script is already only run once per day. I think it certainly better to have it run as a cron job at a specific scheduled time, rather than each time VM is accessed. If it is triggered by a VM access, then it will likely slow the system down at the exact moment a user is waiting for a quick response. So, other than adding some documentation, I would leave the license script as is.
Just a thought for Joe/Jamie: Since there are so many various cron jobs now, it is a bit daunting and confusing to look in the root crontab file. It might be a lot cleaner to just create a single "master" cron job for Virtualmin, and then have that script call whatever sub-jobs are necessary.
This would also have the added benefit of making it much easier to set up the crontab in the first place, especially if a system administrator accidentally deletes it with a "crontab -r". :-)
Well,
THe liscense should be self explainatory ;-)
liscense verification and compliance
I think it's a good trait to be security conscious, there's a lot to watch out for on the Net.
Of all the programs Webmin/Virtualmin installs and runs as root, I'm curious why you're concerned about these 7 in particular. I hadn't run across any general documentation on the ones run as root from within the webmin daemon, have you had a chance to audit them?
-Eric
These are cron jobs and run at certain times. I want to know why and what they are for.
Looking at the files there is no explanation for them. Just code. Another fact is that in no placin the changelogs are these files mentioned. It's as if Joe and Jamie just stuck them in without notifing anyone what they are needed for and the function of them.
In full disclosure policy I think that they should document the programs that are set for cron jobs other then the obvious like webalizer and such.
If Joe and Jamie have 240 hours a day and their stomach can convert air into nutrients for the body, I'm sure it will be documented in a flash... hand-carved into a 10-tonne stone block decorated with neon lights. ;-)
Alrighty smartass 2 can play this game.....
There is always a Wiki where _ANYONE_ can edit the docs as well, no need for Joe or Jamie then.
See, I can be a smartass too but all that really doesn't take a rocket scientist to figure that out right?
Simmer down now, boys. ;-)
Yes, a wiki will solve all of these problems--and it'll go online in a matter of hours. I'm knocking out the last little stupid issues in our new website as we speak. It goes online this weekend come hell or high water.
--
Check out the forum guidelines!
Where is the wiki at? I don't see any links to it unless I am just not seeing it.
<i>Where is the wiki at?</i>
As I said, it goes online this weekend. It is not public yet. I'm going as fast as I can. ;-)
--
Check out the forum guidelines!