Auditing the cron jobs scheduled on the Unix or Linux server.

I have recently taken ownership of a Solaris 5.9 server and am in the process of migrating the applications over to a recent release. I decided to audit the applications and configuration of all the apps installed. One of the very long list of items I needed to figure out is the cron jobs, i.e. any automated scripts performed by the system. I will explain the method I used to create a complete inventory of all cron jobs belonging to the administrator and users.

Cron jobs are generally stored in the default path of /var/spool/cron/crontabs. This path is common for most Unix and Linux versions. The easiest way to determine if a cron job is running is to go to /var/spool/cron/crontabs and list the files. Each file is named after the user who owns it, and you can cat a file to see that user's scheduled jobs.

I was only concerned about the scheduled jobs for all active userids and wanted to make sure that I captured them all.

The first thing I did was to list all active user accounts using the listusers command and redirecting the output to a file all_user_names. See the example below.

# listusers > all_user_names

You can view the file one page at a time using more. I copied the file to my desktop and imported it into Excel so that I could take notes.

# more all_user_names

You need to log in as each user to see if they have any cron jobs. Since I did not know the password for each user account, I simply used the su - user_name command to log on as the user. This will not prompt for a password if you are already logged in as root or superuser.

# su - andrew

After logging in as the user, run the command crontab -l to display any scheduled jobs.

server_prompt% crontab -l
# This command helps clean up user accounts.
1 0 * * 0 rm /home/andrew/*.log > /dev/null 2>&1

In the above example the # indicates that a comment follows. All files with the extension .log are deleted every Sunday at 12:01 am.

If you get the message crontab: can’t open your crontab file, then it means that there are no scheduled jobs for the user.
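The per-user procedure above can be done in one pass as root by reading the spool directory directly. The script below is an added example, not part of the original post: it reports each listed user's active entries, users with no crontab, and crontab files in the spool whose name is not in the user list, which the su-per-user method would miss. The function name audit_crontabs, the accounts backup and olduser, and the sample paths are constructed for illustration, and the script assumes a POSIX shell.

```shell
#!/bin/sh
# audit_crontabs SPOOL_DIR USER_LIST
#   USER_LIST is a listusers-style file with the login name in column 1.
audit_crontabs() {
    spool=$1
    users=$2
    # Pass 1: every listed account, with or without a crontab.
    awk '{print $1}' "$users" | while read -r user; do
        [ -n "$user" ] || continue
        if [ -f "$spool/$user" ]; then
            # Show only active entries: drop comments and blank lines.
            grep -v '^[[:space:]]*#' "$spool/$user" |
                grep -v '^[[:space:]]*$' |
                sed "s|^|JOB $user: |"
        else
            echo "NONE $user"
        fi
    done
    # Pass 2: spool files whose name is not in the user list.
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        awk -v u="$name" '$1 == u {found=1} END {exit !found}' "$users" ||
            echo "ORPHAN $name"
    done
}

# Constructed sample data so the example runs without touching the real spool.
demo=$(mktemp -d)
mkdir "$demo/crontabs"
cat > "$demo/all_user_names" <<'EOF'
andrew  Andrew Lin
backup  Backup Operator
EOF
cat > "$demo/crontabs/andrew" <<'EOF'
# This command helps clean up user accounts.
1 0 * * 0 rm /home/andrew/*.log > /dev/null 2>&1
EOF
cat > "$demo/crontabs/olduser" <<'EOF'
30 2 * * * /opt/old/sync.sh
EOF

audit_crontabs "$demo/crontabs" "$demo/all_user_names"
```

On a real server, run the function as root against /var/spool/cron/crontabs and the all_user_names file created earlier. An ORPHAN line means a crontab file exists for a name that listusers did not report, so it deserves a closer look before migration.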

About Andrew Lin

Hi, I have always wanted to create a blog site but never had the time. I have been working in Information Technology for over 15 years. I specialize mainly in networks and server technologies and dabble a little with the programming aspects. Andrew Lin
