Cron jobs (Linux)

In this blog:

• What are Cron jobs?

• Why automate tasks?

• Automating tasks.

• Creating a crontab.

➡️ This blog is on automating a Tripwire scan. See my blog on Tripwire here.

What are Cron jobs?

When creating home labs or working as a sysadmin or anything in between, there is always some task that we must do continuously.

For example, in my home lab comprising of a Kali Linux machine, Windows 10 Virtual Machine and a Metasploitable Virtual Machine, I want my Linux machine to run a Tripwire report every night.

Tripwire is an open-source file integrity monitoring software and checks for alterations to any files in tauthe user system.

Why automate tasks?

Automating tasks is not only quick and efficient, but is also more secure as fewer inputs mean fewer mistakes.

There is no possibility of forgetting to do tasks as the system will complete them automatically and you can set it to initiate during off-peak times so as to not affect work.

Automating tasks

To view the crontab manual page, type ➡️

cat /etc/crontab

You get this rather complex page here.

Each of the lines that are not commented out, are individual cron jobs.

The general syntax for cron jobs are:

minutes, hours, day of month, month, day of week, command to execute

Asterisks are used to indicate the inclusion of all times and dates for each option.

To check if we have a crontab running for the current user, type ➡️

crontab -l

According to the image below, we have no cronjobs running as of yet.

Creating a crontab

To create a new cronjob, type ➡️

crontab -e

If this is your first time making a crontab, it will ask you to pick your preferred editor. I will stick with the default (and easiest) Nano editor.

A nano file will be created in the tmp directory as this is a temporary file as of now but once completed and saved, it will become permanent.

Now following the guide given at the bottom, we can craft our own cronjob ➡️

30 4 * * * tripwire --check | mail -s "Tripwire report for <uname -n>" uname@unanme.uname

The above command sets the time at 04:30am, as this is a time when I will not be using my machine so it can work without interfering with my work.

The asterisks allow the cronjob to run every day and month.

The command then starts by running a tripwire scan, and piping the scan report to an email address for the system user with the subject

Tripwire report for <unaname>.

For more information on emails in Linux, see this Tripwire blog.

Save the file and exit. You should now have a Tripwire report that runs every day at a specific time and the results emailed to your user account.

You should read the results and take action where necessary as they can indicate signs of system compromise.