Cron jobs (Linux)

By on
Image showing cron jobs.


In this blog:

  • What are Cron jobs?
  • Why automate tasks?
  • Automating scans.
  • Creating a crontab.



What are Cron jobs?

When creating home labs or working as a sysadmin or anything in between, there is always some task that we must do continuously. 

For example, in my home lab comprising of a Kali Linux machine, Windows 10 Virtual Machine and a Metasploitable Virtual Machine, I want my Linux machine to run a Tripwire report every night.

Tripwire is an open-source file integrity monitoring software and checks for alterations to any files in the user system.


Why automate tasks?

Automating tasks is not only quick and efficient, but is also more secure as fewer inputs mean fewer mistakes. 

There is no possibility of forgetting to do tasks as the system will complete them automatically and you can set it to initiate during off-peak times so as to not affect work.


Automating tasks

To view the crontab manual page, type ➡️ cat /etc/crontab

You get this rather complex page here. 

Each of the lines that are not commented out, are individual cron jobs.

The general syntax for cron jobs are:
minutes, hours, day of month, month, day of week, command to execute.
Asterisks are used to indicate the inclusion of all times and dates for each option.


Image showing Linux commands.
Crontab manual page.

To check if we have a crontab running for the current user, type ➡️ 

crontab -l

According to the image below, we have no cronjobs running as of yet.

Image showing Linux command.
Checking for cronjobs.




Creating a crontab

To create a new cronjob, type ➡️ crontab -e

If this is your first time making a crontab, it will ask you to pick your preferred editor. I will stick with the default (and easiest) Nano editor.


Image showing Linux command.
Picking the editor to run crontab in.


A nano file will be created in the tmp directory as this is a temporary file as of now but once completed and saved, it will become permanent.

Image showing crontab creation.
Creating a cronjob in nano.

Now following the guide given at the bottom, we can craft our own cronjob.

30 4 * * * tripwire --check | mail -s "Tripwire report for <uname -n>" uname@unanme.uname

The above command sets the time at 04:30am, as this is a time when I will not be using my machine so it can work without interfering with my work. 

The asterisks allow the cronjob to run every day and month.

The command then starts by running a tripwire scan, and piping the scan report to an email address for the system user with the subject "Tripwire report for <unaname>".

For more information on emails in Linux, see this Tripwire blog.

Save the file and exit. You should now have a Tripwire report that runs every day at a specific time and the results emailed to your user account.

You should read the results and take action where necessary as they can indicate signs of system compromise.



Shone is a Cyber Security student at the Manchester Metropolitan University. Shone started writing blogs to document his own learning and help others along the way.

Comments

Post a Comment

Popular posts from this blog

Connecting Metasploitable to Kali Linux

By on
Image
  In this blog: Pre-text. Setting up NAT Network. Connected. What's next? This blog is one of a 4 part series in Metasploitable. Click here to see how to run a DOS attack on Metasploitable. Click here to see how to deface Metasploitable's webpage. Click here to see how to fix a common timer error that occurs during bootup .  Pre-text This blog comes after the tutorial on creating a Metasploitable virtual machine and solving the kernel timer error. Setting up a NAT Network In our Linux machine, I checked the network interfaces on the system and I have a tunnel connection that I set up earlier for Openvpn access.  To terminate this connection, type ➡️  sudo killall openvpn . Killing Openvpn connections. Now to connect the metasploitable machine to the kali Linux machine we must create a NAT Network.  We want to make sure that the machine is not able to communicate with connections outside the host. Go to file ➡️...
Read more

Fixing kernel timer error in Metasploitable

By on
Image
In this blog: Disclaimer. Fixing the kernel timer error. What's next? This blog is one of a 4 part series in Metasploitable. Click here to see how to run a DOS attack on Metasploitable. Click here to see how to deface Metasploitable's webpage. Click here to see how to set up a Metasploitable lab . Click here to see how to connect Metasploitable with Kali Linux . Disclaimer The solution given in this blog is for the kernel timer error that is caused by a misconfiguration in the kernel boot settings in the BIOS. The solution is not permanent and you must complete the steps each time you start a new session. Fixing timer errors To start the virtual machine, go back to VirtualBox and click start. When starting, if you get this kernel panic – not syncing error message, follow these steps ➡️  Kernel panick error message. Go to settings, system and double the base memory to 2048MB. Doubling base memory. Provide the machine with two processors instead of one and click OK.  Doubling p...
Read more

Wireshark alternative ➡️ tcpdump (Linux)

By on
Image
In this blog: What is tcpdump? Installation. Usage. Saving captures to a file. Filtering output. Expressions. Understanding the output. Packet content.   The end? See my Wireshark blog here. See my blog on uncovering network attacks using Wireshark here.                                   What is tcpdump? Tcpdump is a command line alternative to Wireshark and runs natively on Linux based operating systems.  The tool is not as feature rich as Wireshark but can be faster and more efficient in capturing and displaying packets, hence why many network admins and security professionals like using tcpdump for quick analysis.  Being a command line tool allows it to be run on remote servers to troubleshoot networks where a gui may not be available. The .PCAP files can then be analysed with Wireshark later. Most Linux distributions come with tcpdump installed, so your distro might already have it d...
Read more