Редагувати

Поділитися через


Schedule scans with Microsoft Defender for Endpoint (Linux)

To run a scan for Linux, see Supported Commands.

For Linux (and Unix), you can use a tool called crontab (similar to Task Scheduler in Windows) to run scheduled tasks.

Prerequisite

Note

To get a list of all the time zones, run the following command: timedatectl list-timezones
Examples for timezones:

  • America/Los_Angeles
  • America/New_York
  • America/Chicago
  • America/Denver

To set the Cron job

Use the following commands:

Backup crontab entries

sudo crontab -l > /var/tmp/cron_backup_200919.dat

Note

Where 200919 == YRMMDD

Tip

Do this before you edit or remove.

To edit the crontab, and add a new job as a root user:

sudo crontab -e

Note

The default editor is VIM.

You might see:

0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh

Press "Insert"

Add the following entries:

CRON_TZ=America/Los_Angeles

0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log

Note

In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC -8).

Press "Esc"

Type ":wq" without the double quotes.

Note

w == write, q == quit

To view your cron jobs, type sudo crontab -l

The linux mdatp page

To inspect cron job runs

sudo grep mdatp /var/log/cron

To inspect the mdatp_cron_job.log*

sudo nano mdatp_cron_job.log

If you're using Ansible, Chef, Puppet, or SaltStack

Use the following commands:

To set cron jobs in Ansible

cron - Manage cron.d and crontab entries

For more information, see Ansible documentation.

To set crontabs in Chef

cron resource

For more information, see Chef documentation.

To set cron jobs in Puppet

Resource Type: cron

See https://puppet.com/docs/puppet/5.5/types/cron.html for more information.

Automating with Puppet: Cron jobs and scheduled tasks

For more information, see Puppet documentation about jobs and scheduled tasks.

To manage cron jobs in SaltStack

Resource Type: salt.states.cron

Example:

mdatp scan quick > /tmp/mdatp_scan_log.log:
  cron.present:
    - special: '@hourly'

For more information, see the Salt.States.Cron documentation.

Additional information

To get help with crontab

man crontab

To get a list of crontab file of the current user

crontab -l

To get a list of crontab file of another user

crontab -u username -l

To back up crontab entries

crontab -l > /var/tmp/cron_backup.dat

Tip

Do this before you edit or remove.

To restore crontab entries

crontab /var/tmp/cron_backup.dat

To edit the crontab and add a new job as a root user

sudo crontab -e

To edit the crontab and add a new job

crontab -e

To edit other user's crontab entries

crontab -u username -e

To remove all crontab entries

crontab -r

To remove other user's crontab entries

crontab -u username -r

Explanation

+—————- minute (values: 0 - 59) (special characters: , \- \* /)  <br>
| +————- hour (values: 0 - 23) (special characters: , \- \* /) <br>
| | +———- day of month (values: 1 - 31) (special characters: , \- \* / L W C)  <br>
| | | +——- month (values: 1 - 12) (special characters: , \- \* /)  <br>
| | | | +—- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , \- \* / L W C) <br>
| | | | |*****command to be executed

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.