Schedule an update of the Microsoft Defender for Endpoint (Linux)
To run an update on Microsoft Defender for Endpoint on Linux, see Deploy updates for Microsoft Defender for Endpoint on Linux.
Linux (and Unix) has a tool called crontab (similar to Task Scheduler) for running scheduled tasks.
Pre-requisite
Note
To get a list of all the time zones, run the following command:
timedatectl list-timezones
Examples for timezones:
America/Los_Angeles
America/New_York
America/Chicago
America/Denver
To set the Cron job
Use the following commands:
Backup crontab entries
sudo crontab -l > /var/tmp/cron_backup_201118.dat
Note
Where 201118 == YYMMDD
Tip
Do this before you edit or remove.
To edit the crontab, and add a new job as a root user:
sudo crontab -e
Note
The default editor is VIM.
You might see:
0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
And
0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log
See Schedule scans with Microsoft Defender for Endpoint (Linux)
Press "Insert"
Add the following entries:
CRON_TZ=America/Los_Angeles
# In a crontab, % must be escaped as \% (an unescaped % ends the command line).
# cron has no terminal, so each package manager is run non-interactively.
#!RHEL and variants (CentOS and Oracle Linux)
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
#!SLES and variants
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo zypper --non-interactive update mdatp >> ~/mdatp_cron_job.log
#!Ubuntu and Debian systems
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo apt-get install --only-upgrade mdatp -y >> ~/mdatp_cron_job.log
Note
In the examples above, the schedule is set to minute 00, 6 a.m. (hour in 24-hour format), any day of the month, any month, on Sundays. [ $(date +%d) -le 15 ] == Won't run unless the day of the month is equal to or less than the 15th day (3rd week). Meaning it will run every 3rd Sunday (7) of the month at 6:00 a.m. Pacific (UTC -8).
Press "Esc"
Type ":wq" without the double quotes.
Note
w == write, q == quit
To view your cron jobs, type sudo crontab -l
To inspect cron job runs:
sudo grep mdatp /var/log/cron
To inspect the mdatp_cron_job.log
sudo nano mdatp_cron_job.log
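The [ $(date +%d) -le 15 ] guard in the update entries above can be checked against a calendar before it is deployed. The script below is an added example, not part of the original page: it lists the Sundays of a month that pass that guard and, as an assumption for comparison, the Sundays inside a 15..21 window. The function names and the two sample months are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list which Sundays of a month
# fall inside a day-of-month window such as the [ $(date +%d) -le 15 ] guard.

# Day of week for a Gregorian date, 0=Sunday .. 6=Saturday (Sakamoto's method).
# Arguments are plain integers without leading zeros: year month day.
dow() {
    _y=$1; _m=$2; _d=$3
    if [ "$_m" -lt 3 ]; then _y=$((_y - 1)); fi
    set -- 0 3 2 5 0 3 5 1 4 6 2 4      # per-month offsets
    shift $((_m - 1))
    echo $(( (_y + _y / 4 - _y / 100 + _y / 400 + $1 + _d) % 7 ))
}

days_in_month() {
    case $2 in
        4|6|9|11) echo 30 ;;
        2) if [ $(($1 % 4)) -eq 0 ] && { [ $(($1 % 100)) -ne 0 ] || [ $(($1 % 400)) -eq 0 ]; }
           then echo 29; else echo 28; fi ;;
        *) echo 31 ;;
    esac
}

# Print the Sundays of year $1, month $2 whose day of month lies in [$3, $4].
sundays_in_window() {
    out=""
    last=$(days_in_month "$1" "$2")
    day=1
    while [ "$day" -le "$last" ]; do
        if [ "$(dow "$1" "$2" "$day")" -eq 0 ] && [ "$day" -ge "$3" ] && [ "$day" -le "$4" ]; then
            out="$out${out:+ }$day"
        fi
        day=$((day + 1))
    done
    echo "$out"
}

# Guard as written in the cron entries above: day of month <= 15.
guard_le_15() { sundays_in_window "$1" "$2" 1 15; }
# Assumption (not from the page): a 15..21 window, which holds only the third Sunday.
third_sunday_window() { sundays_in_window "$1" "$2" 15 21; }

# Constructed sample months (year month).
for ym in "2020 11" "2021 3"; do
    set -- $ym
    echo "$1-$2: -le 15 passes on [$(guard_le_15 "$1" "$2")], 15..21 passes on [$(third_sunday_window "$1" "$2")]"
done
```

For November 2020 the guard passes on the 1st, 8th and 15th; for March 2021 it passes on the 7th and 14th, while the third Sunday of that month is the 21st.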
For those who use Ansible, Chef, or Puppet
Use the following commands:
To set cron jobs in Ansible
cron - Manage cron.d and crontab entries
See https://docs.ansible.com/ansible/latest for more information.
To set crontabs in Chef
cron resource
See https://docs.chef.io/resources/cron/ for more information.
To set cron jobs in Puppet
Resource Type: cron
See https://puppet.com/docs/puppet/5.5/types/cron.html for more information.
Automating with Puppet: Cron jobs and scheduled tasks
See https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/ for more information.
Additional information
To get help with crontab
man crontab
To list the crontab file of the current user
crontab -l
To list the crontab file of another user
crontab -u username -l
To back up crontab entries
crontab -l > /var/tmp/cron_backup.dat
Tip
Do this before you edit or remove.
To restore crontab entries
crontab /var/tmp/cron_backup.dat
To edit the crontab and add a new job as a root user
sudo crontab -e
To edit the crontab and add a new job
crontab -e
To edit another user's crontab entries
crontab -u username -e
To remove all crontab entries
crontab -r
To remove another user's crontab entries
crontab -u username -r
Explanation
+---------------- minute (values: 0 - 59) (special characters: , - * /)
| +------------- hour (values: 0 - 23) (special characters: , - * /)
| | +---------- day of month (values: 1 - 31) (special characters: , - * / L W C)
| | | +------- month (values: 1 - 12) (special characters: , - * /)
| | | | +---- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , - * / L W C)
| | | | |
* * * * * command to be executed