Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

CRON Appears to Start Itself!

Posted on 2002-04-17
7
Medium Priority
?
298 Views
Last Modified: 2013-12-06
Background:
The system is an HP 715 running under HP-UX 10.20. The CRON in question is run via an account created specially for this purpose. In other words, I don't run, or have access to, it under root.

Several times now, I have found crontabs running that I had disabled via crontab -r and verified were down with crontab -l. This is odd, to say the least.

Question:
Is there some kind of bug/glitch in the OS that would cause/allow this to happen, or should I start suspecting that someone is hacking in for a bit of fun?
0
Comment
Question by:pdouglas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 3

Expert Comment

by:elfie
ID: 6948009
Is it possible that the crontab entries are being re-created?

You must verify the crontab files in the crontab directory. Check for the modification time of this file (and directory).

Also take a look a possible schedules 'at' jobs.
0
 

Expert Comment

by:cjwong
ID: 6952752
Confirm if other accounts have no similiar cron running?

If you suspect that there are "hackers" in, check on the modification date of the files, sulog files,etc to see if there is any unexpected intruders.
0
 

Author Comment

by:pdouglas
ID: 6953217
Other accounts do have access to CRON, but not the particular crontab in question.

The modification date of the crontab is as it should be.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 3

Expert Comment

by:elfie
ID: 6953280
did you check the file also for 'latest access and creation' time?

check with "ls -lc", "ls -lu', and normal "ls -l".

If you delete the crontab file, then you can verify when the file was last read/accessed/created-modified.

This way you can see of the file has been restored from backup, recreated, and at which time.

How often is the file being 're-created'? Does this occur every day/week/months?

0
 

Author Comment

by:pdouglas
ID: 6954005
If by "created" you mean activated with the crontab <filename> command, then this is done once every several months. I'm not seeing from ls commands where the crontab was accessed on the days that I found it running after having deactivated it, so I guess this rules out hacking.
0
 
LVL 3

Accepted Solution

by:
elfie earned 600 total points
ID: 6954036
When you execute  crontab -r, is the crontab file emptied, or completely removed from the system?
If it is completely removed from the system, you should monitor it when it re-appears.

I have never heard before of crontab's reappearing. When executing crontab -r, the files are removed. So crontab can only be re-enabled by recreating the files. Once the files are in crontabs directory they will get executed on the time include in the file.

So if crontab were re-executed, someone must have put them back on the original place. If you suspect no hackers, then mostlikely it will be a restore from backup. (my guess)
0
 

Author Comment

by:pdouglas
ID: 6954278
When I issue a crontab -r command, this does not remove it from the system, but rather stops it from being executed.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question