HPE Community
Operating System - HP-UX
1847856 Members
2596 Online
104021 Solutions
New Discussion

Re: cron and crontab logging

 
J Busch
Advisor

‎08-24-2004 03:56 AM

‎08-24-2004 03:56 AM

cron and crontab logging

I currently maintain three app servers running hpux 11.00.

I have been tasked to implement a logging system for crontab changes. The company wants to record who, when and what was changed in each crontab or at file. The cron log records when the jobs run but we need to capture if and when the cron or the at job schedules are changed and who changed them.

Is there solution from HP or another software provider or do I need to generate something in-house.

Thanks…
0 Kudos
7 REPLIES 7
Sundar_7
Honored Contributor

‎08-24-2004 04:02 AM

‎08-24-2004 04:02 AM

Re: cron and crontab logging

You have to use one of those revision Control Softwares.

RCS (Revision Control System) is inbuilt and can be used for this purpose.

man co and man ci
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Pete Randall
Outstanding Contributor

‎08-24-2004 04:07 AM

‎08-24-2004 04:07 AM

Re: cron and crontab logging

I don't think RCS is going to do it simply because RCS controls the crontab entry that was logged into it. A user, however, can use "crontab -l > some_other_file", alter some_other_file, and resubmit it via "crontab some_other_file".

I would suggest you lock down crontab via /usr/lib/cron/cron.allow and /usr/lib/cron/cron.deny, so that only root can submit cron jobs. The the root user can maintain a record of what changed and who changed. This isn't an ideal solution, obviously, because it's manual, but I know of no way to accomplish this via software.


Pete

Pete
0 Kudos
Muthukumar_5
Honored Contributor

‎08-24-2004 04:10 AM

‎08-24-2004 04:10 AM

Re: cron and crontab logging

Default logging file used as /usr/lib/cron/log to record all actions ( history ) to be stored out there.

Man page (cron) -->
A history of all actions taken by cron is recorded in
/usr/lib/cron/log.

You can automate cron actions with some scripts with additional informations to be logged when invoking on command line as a service. That script will have to take charge all cron* actions on shell.

So control / actions has to be done through this script.

Regards
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Rick Garland
Honored Contributor

‎08-24-2004 04:13 AM

‎08-24-2004 04:13 AM

Re: cron and crontab logging

There are 3rd party schedulers available that will centralize the tasks and therefore provide you a way to more easily keep track of changes that occur.
0 Kudos
Rick Garland
Honored Contributor

‎08-24-2004 04:17 AM

‎08-24-2004 04:17 AM

Re: cron and crontab logging

Another idea.

You can have 1 crontab file for the root account and this file is the same on all 3 servers. You would need to put in some logic to check the hostname and if correct then run some job on that respective host.

Not an ideal solution but one that will be more manageable in keeping track of your crontab file. (You only have 1 to keep track of)

0 Kudos
Jeroen Peereboom
Honored Contributor

‎08-24-2004 06:35 PM

‎08-24-2004 06:35 PM

Re: cron and crontab logging

Jim,

Just another suggestion:

write a script that uses RCS to check all cron files in /var/spool/cron/crontabs against their previously obtained contents in RCS files in a separate directory.
If there is a difference, check in the new version and send an alert (mail?) to the admins that something has changed and needs to be checked. Alternatively, if you do not check in the change, you will receive the alert till some admin checks in the change manually.

This script can be run using cron ;-).

I've used a script like these to check for all root setuid files on a system.

JP.
0 Kudos
J Busch
Advisor

‎08-25-2004 12:27 AM

‎08-25-2004 12:27 AM

Re: cron and crontab logging

I have takne parts from a couple of suggestions and am working on a custom script. a 3rd party solution would be great but the cost is an issuse.

Thanks for the help...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.