Schedule an update for Microsoft Defender for Endpoint on Linux
Applies to:
- Microsoft Defender for Endpoint Server
- Microsoft Defender for Servers
To run an update on Microsoft Defender for Endpoint on Linux, see Deploy updates for Microsoft Defender for Endpoint on Linux.
Linux and Unix provide a tool called crontab (similar to Task Scheduler on Windows) for running scheduled tasks.
To get a list of all the time zones, run the following command:
timedatectl list-timezones
Examples for timezones:
To set the Cron job
Use the following commands:
Back up crontab entries
sudo crontab -l > /var/tmp/cron_backup_201118.dat
In our example, 201118
Do this before you edit or remove.
To edit the crontab, and add a new job as a root user:
sudo crontab -e
The default editor is VIM.
You might see:
0 * * * * /etc/opt/microsoft/mdatp/
0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log
See Schedule scans with Microsoft Defender for Endpoint (Linux)
Press "Insert"
Add the following entries:
#!RHEL and variants (CentOS and Oracle Linux)
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
#!SLES and variants
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo zypper update mdatp >> ~/mdatp_cron_job.log
#!Ubuntu and Debian systems
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo apt-get install --only-upgrade mdatp >> ~/mdatp_cron_job.log
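In the previous examples, we specified 00 minutes, 6 a.m. (hour using the 24-hour format), any day of the month, any month, on Sundays.
[ $(date +\%d) -le 15 ] is a guard: the update command after && doesn't run unless the day of the month is equal to or less than the 15th day (third week). The backslash before % is required inside a crontab, because cron treats an unescaped % as the end of the command.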
This means the job runs at 6 a.m. every Sunday, but only if the day of the month is the 15th or earlier.
Press "Esc"
Type ":wq" without the double quotes.
w == write, q == quit
To view your cron jobs, type sudo crontab -l
To inspect cron job runs:
sudo grep mdatp /var/log/cron
To inspect the mdatp_cron_job.log
sudo nano mdatp_cron_job.log
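The backslash in `date +\%d` matters because cron ends the command at the first unescaped `%` and sends the rest to it as standard input (see crontab(5)). The following script is an added example, not part of the original article: the function names `cron_effective_command`, `lint_crontab` and `sample_crontab` are hypothetical, the sample entries are constructed from the RHEL line above, and the model covers only five-field entries and the `\%` escape.

```shell
#!/bin/sh
# Added example (not from the original article): model how cron treats '%'
# in a crontab command field, per crontab(5). The command runs up to the
# first unescaped '%'; '\%' reaches the shell as a literal '%'.

# cron_effective_command <command field>: print what cron hands to /bin/sh.
cron_effective_command() {
    printf '%s\n' "$1" | awk '{
        out = ""; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\\" && substr($0, i + 1, 1) == "%") { out = out "%"; i++; continue }
            if (c == "%") break          # unescaped: the command ends here
            out = out c
        }
        print out
    }'
}

# lint_crontab: read crontab lines on stdin and report each five-field job
# that cron would truncate. Comments, blank lines, VAR=value lines and
# @shortcut entries are skipped. Returns 1 if anything was reported.
lint_crontab() {
    rc=0; n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in ''|'#'*|'@'*|[A-Za-z_]*=*) continue ;; esac
        # Drop the five schedule fields; what remains is the command field.
        cmd=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*([^[:space:]]+[[:space:]]+){5}//')
        eff=$(cron_effective_command "$cmd")
        escaped=$(printf '%s\n' "$cmd" | sed 's/\\%/%/g')
        if [ "$eff" != "$escaped" ]; then
            printf '%s: cron would run only: %s\n' "$n" "$eff"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the RHEL entry without and with the escaped '%'.
sample_crontab() {
    cat <<'EOF'
#!RHEL and variants (CentOS and Oracle Linux)
0 6 * * sun [ $(date +%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
0 6 * * sun [ $(date +\%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
EOF
}

sample_crontab | lint_crontab || true
```

To check the installed root crontab instead of the sample, pipe it in: sudo crontab -l | lint_crontab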
For those who use Ansible, Chef, or Puppet
Use the following commands:
To set cron jobs in Ansible
cron - Manage cron.d and crontab entries
See for more information.
To set crontabs in Chef
cron resource
See for more information.
To set cron jobs in Puppet
Resource Type: cron
See for more information.
Automating with Puppet: Cron jobs and scheduled tasks
See for more information.
Additional information
To get help with crontab
man crontab
To list the crontab file of the current user
crontab -l
To list the crontab file of another user
crontab -u username -l
To back up crontab entries
crontab -l > /var/tmp/cron_backup.dat
Do this before you edit or remove.
To restore crontab entries
crontab /var/tmp/cron_backup.dat
To edit the crontab and add a new job as a root user
sudo crontab -e
To edit the crontab and add a new job
crontab -e
To edit another user's crontab entries
crontab -u username -e
To remove all crontab entries
crontab -r
To remove another user's crontab entries
crontab -u username -r
+---------------- minute (values: 0 - 59) (special characters: , - * /)
| +------------- hour (values: 0 - 23) (special characters: , - * /)
| | +---------- day of month (values: 1 - 31) (special characters: , - * / L W C)
| | | +------- month (values: 1 - 12) (special characters: , - * /)
| | | | +---- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , - * / L W C)
| | | | |
* * * * * command to be executed