Schedule an update for Microsoft Defender for Endpoint on Linux
Applies to:
- Microsoft Defender for Endpoint Server
- Microsoft Defender for Servers
To run an update on Microsoft Defender for Endpoint on Linux, see Deploy updates for Microsoft Defender for Endpoint on Linux.
Linux (and Unix) have a tool called crontab (similar to Task Scheduler) to be able to run scheduled tasks.
Pre-requisite
Note
To get a list of all the time zones, run the following command:
timedatectl list-timezones
Examples for timezones:
America/Los_Angeles
America/New_York
America/Chicago
America/Denver
To set the Cron job
Use the following commands:
Backup crontab entries
sudo crontab -l > /var/tmp/cron_backup_201118.dat
Note
Where 201118 == YYMMDD
Tip
Do this before you edit or remove.
To edit the crontab, and add a new job as a root user:
sudo crontab -e
Note
The default editor is VIM.
You might see:
0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
And
0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log
See Schedule scans with Microsoft Defender for Endpoint (Linux)
Press "Insert"
Add the following entries:
CRON_TZ=America/Los_Angeles
#!RHEL and variants (CentOS and Oracle Linux)
0 6 * * sun [ $(date +%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
#!SLES and variants
0 6 * * sun [ $(date +%d) -le 15 ] && sudo zypper update mdatp >> ~/mdatp_cron_job.log
#!Ubuntu and Debian systems
0 6 * * sun [ $(date +%d) -le 15 ] && sudo apt-get install --only-upgrade mdatp >> ~/mdatp_cron_job.log
Note
In the examples above, we are setting it to 00 minutes, 6 a.m.(hour in 24 hour format), any day of the month, any month, on Sundays.[$(date +%d) -le 15] == Won't run unless it's equal or less than the 15th day (3rd week). Meaning it will run every 3rd Sundays(7) of the month at 6:00 a.m. Pacific (UTC -8).
Press "Esc"
Type ":wq
" w/o the double quotes.
Note
w == write, q == quit
To view your cron jobs, type sudo crontab -l
To inspect cron job runs:
sudo grep mdatp /var/log/cron
To inspect the mdatp_cron_job.log
sudo nano mdatp_cron_job.log
For those who use Ansible, Chef, or Puppet
Use the following commands:
To set cron jobs in Ansible
cron - Manage cron.d and crontab entries
See https://docs.ansible.com/ansible/latest for more information.
To set crontabs in Chef
cron resource
See https://docs.chef.io/resources/cron/ for more information.
To set cron jobs in Puppet
Resource Type: cron
See https://puppet.com/docs/puppet/5.5/types/cron.html for more information.
Automating with Puppet: Cron jobs and scheduled tasks
See https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/ for more information.
Additional information
To get help with crontab
man crontab
To get a list of crontab file of the current user
crontab -l
To get a list of crontab file of another user
crontab -u username -l
To back up crontab entries
crontab -l > /var/tmp/cron_backup.dat
Tip
Do this before you edit or remove.
To restore crontab entries
crontab /var/tmp/cron_backup.dat
To edit the crontab and add a new job as a root user
sudo crontab -e
To edit the crontab and add a new job
crontab -e
To edit other user's crontab entries
crontab -u username -e
To remove all crontab entries
crontab -r
To remove other user's crontab entries
crontab -u username -r
Explanation
+—————- minute (values: 0 - 59) (special characters: , - * /)
| +————- hour (values: 0 - 23) (special characters: , - * /)
| | +———- day of month (values: 1 - 31) (special characters: , - * / L W C)
| | | +——- month (values: 1 - 12) (special characters: ,- * / )
| | | | +—- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , - * / L W C)
| | | | |*****command to be executed
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.