Solved

good practices/required entries for a crontab file for user root

Posted on 2010-11-20
7
495 Views
Last Modified: 2013-12-27
what are the good practices/required entries for a crontab file for user root?

[open solaris ver: 5.11]
0
Comment
Question by:rastafaray
7 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 34180688
Most important are a regular backup and sar.
0
 

Author Comment

by:rastafaray
ID: 34180812
TY rickhobbs.

what is a "sar" pl?
0
 
LVL 16

Expert Comment

by:Joseph Gan
ID: 34183968
Plase look at
 
# man sar

and

# man crontab
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 34184735
System Activity Reporter.  Can be used to create reports similar to Perfmon in Windows.  Memory usage, disk usage, threads in use, etc, etc, etc.
0
 
LVL 9

Accepted Solution

by:
expert_tanmay earned 500 total points
ID: 34202588
*Always* version control everything you do in crontab. It provides an instant backup, accountability, easy rollbacks, and a history.

The entries in your crontab should be in some sort of order. What order depends on your preferences and on the nature of your entries, but some options might include:
   * Put the most important at the top.
    * Put the ones that run more often at the top.
    * Order by time they run.
    * Order by job groups (e.g. all entries dealing with the mail system).

It's very important to test out your final product. Cron entries have a nasty habit of working from the command line, but failing when called by cron, usually due to missing environment variables or path problems.

Don't be afraid to call external scripts. Anything even slightly complex should not be in the crontab itself, but inside of an external script called by the crontab. Make sure you name the script something very descriptive, such as flush_older_iptables_rules.pl. While a script means another separate dependency to keep track of, it offers many advantages:
   * The script can be run standalone outside of cron.
    * Different crontabs call all share the same script.
    * Concurrency and error handling is much easier.
    * A script can filter output and write cleaner output to log files.

In addition to using non-root accounts whenever possible, it is also very important to make sure that someone is actively receiving emails for each account that has cronjobs.

Heavily document your crontab file. The top line should indicate how the entries are organized.

Whenever possible, use some other account than root for cron entries. Not only is is desirable in general to avoid using root, it should be avoided because:
   * The root user probably already gets lots of email, so important cron output is more likely to be missed.
    * Entries should belong to the account responsible for that service, so Nagios cleanup jobs should be in the Nagios user's crontab. If rights are needed, consider granting specific sudo permissions.
    * Because root is a powerful account, its easier to break things or cause big problems with a simple typo.

Resist strongly the urge to add 2>/dev/null to the end of your entries.

Unfortunately, cron emails all output to you by default - both stdout and stderr. This means that the output tends to be overloaded - both informational messages and errors are sent. It's too easy for the error messages to get lost if you tend to to receive many informational cron messages. Even well-intentioned messages tend to cause problems over time, as you grow numb (for example) to the daily message showing you the output of a script that runs at 2 AM. After a while, you stop reading the body of the message, and then you mentally filter them away when you see them - too much mail to read to look that one over. Unfortunately, that's when your script fails and cron sends an error message that is not seen.

Don't put passwords into your crontab.

Both for safety and sanity, use the full paths to all commands.
0
 

Author Closing Comment

by:rastafaray
ID: 34252231
THANK YOU
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Apache application gives "Forbidden" message 5 45
AWS CLI issues with Tags 3 66
Using init script with Systemd: need help crafting unit file 11 81
Shell Script on AIX 7 65
Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now