
Schedule security intelligence updates for Microsoft Defender for Endpoint on Linux

To run an update on Microsoft Defender for Endpoint on Linux, see Deploy updates for Microsoft Defender for Endpoint on Linux.

Linux and Unix provide a tool called crontab (similar to Task Scheduler on Windows) for running scheduled tasks.

Prerequisites

Note

To get a list of all the time zones, run the following command: timedatectl list-timezones

Examples of time zones:

  • America/Los_Angeles
  • America/New_York
  • America/Chicago
  • America/Denver

Set the cron job

Use the following commands:

Backup crontab entries

Use the following command to back up the current crontab entries before making changes:

sudo crontab -l > /var/tmp/cron_backup_201118.dat

Note

In our example, 201118 == YYMMDD.

Tip

Back up your crontab entries before you edit or remove them.

To edit the root user's crontab and add a new job:

sudo crontab -e

Note

The default editor is VIM.

You might see:

0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh

And

0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log

For instructions on creating a scheduled antivirus scan job, see Schedule scans with Microsoft Defender for Endpoint (Linux).

Press "Insert"

Add the following entries:

CRON_TZ=America/Los_Angeles

#!RHEL and variants (CentOS and Oracle Linux)

0 6 * * sun [ $(date +\%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log

#!SLES and variants

0 6 * * sun [ $(date +\%d) -le 15 ] && sudo zypper update mdatp >> ~/mdatp_cron_job.log

#!Ubuntu and Debian systems

0 6 * * sun [ $(date +\%d) -le 15 ] && sudo apt-get install --only-upgrade mdatp >> ~/mdatp_cron_job.log

Note

In the RHEL, SLES, Ubuntu, and Debian cron entries, 0 6 * * sun specifies 00 minutes, 6 a.m. (hour in 24-hour format), any day of the month, any month, on Sundays. The test [ $(date +\%d) -le 15 ] succeeds only when the day of the month is less than or equal to 15 (third week), so the update command after && doesn't run on later days. This cron schedule means the job runs at 6 a.m. every Sunday, but only if the day of the month is the 15th or earlier.

Press "Esc"

Type ":wq" without the double quotes.

Note

w == write, q == quit

To view your cron jobs, type sudo crontab -l

To inspect cron job runs:

sudo grep mdatp /var/log/cron

To inspect the mdatp_cron_job.log file:

sudo nano mdatp_cron_job.log
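
The backup, edit, and add-entry steps above can also be done without an interactive editor. The following script is an added example, not part of the original page or of Microsoft's tooling; the function names and the --apply switch are assumptions, while the time zone, cron line, and update commands are the ones shown above.

```shell
# Added example, not from the original page. Function names are hypothetical.
CRON_TZ_LINE='CRON_TZ=America/Los_Angeles'
# \% is required: cron treats an unescaped % as a newline.
SCHEDULE='0 6 * * sun [ $(date +\%d) -le 15 ] &&'

# Map a package manager to the update command this page uses for it.
update_cmd() {
  case "$1" in
    yum)     echo 'sudo yum update mdatp -y' ;;
    zypper)  echo 'sudo zypper update mdatp' ;;
    apt-get) echo 'sudo apt-get install --only-upgrade mdatp' ;;
    *)       return 1 ;;
  esac
}

# Print the full crontab line for one package manager.
build_entry() {
  local cmd
  cmd=$(update_cmd "$1") || return 1
  printf '%s %s >> ~/mdatp_cron_job.log\n' "$SCHEDULE" "$cmd"
}

# Read a crontab on stdin; print it with CRON_TZ and the entry added once.
merge_crontab() {
  local entry current
  entry=$(build_entry "$1") || return 1
  current=$(cat)
  [ -n "$current" ] && printf '%s\n' "$current"
  printf '%s\n' "$current" | grep -qxF "$CRON_TZ_LINE" || printf '%s\n' "$CRON_TZ_LINE"
  printf '%s\n' "$current" | grep -qxF "$entry" || printf '%s\n' "$entry"
}

# Pick the first supported package manager found on PATH.
detect_pm() {
  local pm
  for pm in yum zypper apt-get; do
    command -v "$pm" >/dev/null 2>&1 && { echo "$pm"; return 0; }
  done
  return 1
}

# Only touch root's crontab when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
  pm=$(detect_pm) || { echo "no supported package manager" >&2; exit 1; }
  backup="/var/tmp/cron_backup_$(date +%y%m%d).dat"
  sudo crontab -l > "$backup" 2>/dev/null || true
  new=$(merge_crontab "$pm" < "$backup") || exit 1
  printf '%s\n' "$new" | sudo crontab -
fi
```

Because the merged crontab is built before anything is installed, a failure in the merge step leaves root's crontab untouched, and running the script again adds no duplicate lines.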

Configure scheduled updates with Ansible, Chef, or Puppet

Use the following resources:

To set cron jobs in Ansible

Use Ansible's cron module to manage cron jobs:

cron - Manage cron.d and crontab entries

See https://docs.ansible.com/ansible/latest for more information.

To set crontabs in Chef

cron resource

See https://docs.chef.io/resources/cron/ for more information.

To set cron jobs in Puppet

Resource Type: cron

See https://puppet.com/docs/puppet/5.5/types/cron.html for more information.

Automating with Puppet: Cron jobs and scheduled tasks

See https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/ for more information.

Common crontab commands and examples

To get help with crontab

Run the following command to view the crontab manual page:

man crontab

To list the current user's crontab file

Run the following command to list the current user's crontab entries:

crontab -l

To list another user's crontab file

Run the following command to list another user's crontab entries:

crontab -u username -l

To back up crontab entries

Use the following command to back up the current crontab entries:

crontab -l > /var/tmp/cron_backup.dat

Tip

Do this before you edit or remove crontab entries.

To restore crontab entries

Run the following command to restore crontab entries from a backup file:

crontab /var/tmp/cron_backup.dat

To edit the crontab and add a new job as a root user

Use the following command to edit the root user's crontab and add a new job:

sudo crontab -e

To edit the crontab and add a new job

Run the following command to edit the current user's crontab and add a new job:

crontab -e

To edit another user's crontab entries

Run the following command to edit another user's crontab entries:

crontab -u username -e

To remove all crontab entries

Use the following command to remove all crontab entries for the current user:

crontab -r

To remove another user's crontab entries

Use the following command to remove another user's crontab entries:

crontab -u username -r

Cron expression field reference

The following diagram explains the fields in a cron expression:

+---------------- minute (values: 0 - 59) (special characters: , - * /)
| +------------- hour (values: 0 - 23) (special characters: , - * /)
| | +---------- day of month (values: 1 - 31) (special characters: , - * / L W C)
| | | +------- month (values: 1 - 12) (special characters: , - * /)
| | | | +---- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , - * / L W C)
| | | | |
* * * * * command to be executed