[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

CRON Appears to Start Itself!

Posted on 2002-04-17
7
Medium Priority
?
300 Views
Last Modified: 2013-12-06
Background:
The system is an HP 715 running under HP-UX 10.20. The CRON in question is run via an account created specially for this purpose. In other words, I don't run, or have access to, it under root.

Several times now, I have found crontabs running that I had disabled via crontab -r and verified were down with crontab -l. This is odd, to say the least.

Question:
Is there some kind of bug/glitch in the OS that would cause/allow this to happen, or should I start suspecting that someone is hacking in for a bit of fun?
0
Comment
Question by:pdouglas
  • 3
  • 3
7 Comments
 
LVL 3

Expert Comment

by:elfie
ID: 6948009
Is it possible that the crontab entries are being re-created?

You must verify the crontab files in the crontab directory. Check for the modification time of this file (and directory).

Also take a look a possible schedules 'at' jobs.
0
 

Expert Comment

by:cjwong
ID: 6952752
Confirm if other accounts have no similiar cron running?

If you suspect that there are "hackers" in, check on the modification date of the files, sulog files,etc to see if there is any unexpected intruders.
0
 

Author Comment

by:pdouglas
ID: 6953217
Other accounts do have access to CRON, but not the particular crontab in question.

The modification date of the crontab is as it should be.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:elfie
ID: 6953280
did you check the file also for 'latest access and creation' time?

check with "ls -lc", "ls -lu', and normal "ls -l".

If you delete the crontab file, then you can verify when the file was last read/accessed/created-modified.

This way you can see of the file has been restored from backup, recreated, and at which time.

How often is the file being 're-created'? Does this occur every day/week/months?

0
 

Author Comment

by:pdouglas
ID: 6954005
If by "created" you mean activated with the crontab <filename> command, then this is done once every several months. I'm not seeing from ls commands where the crontab was accessed on the days that I found it running after having deactivated it, so I guess this rules out hacking.
0
 
LVL 3

Accepted Solution

by:
elfie earned 600 total points
ID: 6954036
When you execute  crontab -r, is the crontab file emptied, or completely removed from the system?
If it is completely removed from the system, you should monitor it when it re-appears.

I have never heard before of crontab's reappearing. When executing crontab -r, the files are removed. So crontab can only be re-enabled by recreating the files. Once the files are in crontabs directory they will get executed on the time include in the file.

So if crontab were re-executed, someone must have put them back on the original place. If you suspect no hackers, then mostlikely it will be a restore from backup. (my guess)
0
 

Author Comment

by:pdouglas
ID: 6954278
When I issue a crontab -r command, this does not remove it from the system, but rather stops it from being executed.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question