Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to:
- Microsoft Defender for Endpoint for servers
- Microsoft Defender for Servers Plan 1 or Plan 2
To run a scan for Linux, see Supported commands.
For Linux (and Unix), you can use a tool called crontab (similar to Task Scheduler in Windows) to run scheduled tasks.
Prerequisite
Note
To get a list of all the time zones, run the following command:
timedatectl list-timezones
Examples for timezones:
America/Los_AngelesAmerica/New_YorkAmerica/ChicagoAmerica/Denver
Set the Cron job
To set the cron job, use the commands in this article.
Backup crontab entries
sudo crontab -l > /var/tmp/cron_backup_200919.dat
Note
Where 200919 == YRMMDD
Tip
Do this before you edit or remove.
To edit the crontab, and add a new job as a root user:
sudo crontab -e
Note
The default editor is VIM.
You might see:
0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
Press Insert, and then add the following entries:
CRON_TZ=America/Los_Angeles
0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log
Note
In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC -8).
Press Esc, and then type ":wq" without the double quotes.
Note
w == write, q == quit
To view your cron jobs, type sudo crontab -l
To inspect cron job runs
sudo grep mdatp /var/log/cron
To inspect the mdatp_cron_job.log*
sudo nano mdatp_cron_job.log
If you're using Ansible, Chef, Puppet, or SaltStack
Use the following commands:
To set cron jobs in Ansible
cron - Manage cron.d and crontab entries
For more information, see Ansible documentation.
To set crontabs in Chef
cron resource
For more information, see Chef documentation.
To set cron jobs in Puppet
Resource Type: cron
For more information, see Puppet documentation: Resource Type: cron.
Automating with Puppet: Cron jobs and scheduled tasks
For more information, see Puppet documentation about jobs and scheduled tasks.
To manage cron jobs in SaltStack
Resource Type: salt.states.cron
Example:
mdatp scan quick > /tmp/mdatp_scan_log.log:
cron.present:
- special: '@hourly'
For more information, see the Salt.States.Cron documentation.
Additional information
To get help with crontab
man crontab
To get a list of crontab file of the current user
crontab -l
To get a list of crontab file of another user
crontab -u username -l
To back up crontab entries
crontab -l > /var/tmp/cron_backup.dat
Tip
Do this before you edit or remove.
To restore crontab entries
crontab /var/tmp/cron_backup.dat
To edit the crontab and add a new job as a root user
sudo crontab -e
To edit the crontab and add a new job
crontab -e
To edit other user's crontab entries
crontab -u username -e
To remove all crontab entries
crontab -r
To remove other user's crontab entries
crontab -u username -r
Explanation
+—————- minute (values: 0 - 59) (special characters: , \- \* /) <br>
| +————- hour (values: 0 - 23) (special characters: , \- \* /) <br>
| | +———- day of month (values: 1 - 31) (special characters: , \- \* / L W C) <br>
| | | +——- month (values: 1 - 12) (special characters: , \- \* /) <br>
| | | | +—- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , \- \* / L W C) <br>
| | | | |*****command to be executed
See also
- Microsoft Defender for Endpoint on Linux
- Prerequisites for Microsoft Defender for Endpoint on Linux
- Configure security settings and policies for Microsoft Defender for Endpoint on Linux
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.