dannyman.toldme.com

HOWTO: Audit User Crontabs

For production systems, I think it is best to use a single, centralized /etc/crontab, which simplifies the job of tracking batch processes. On a production system, batch scripts should be sufficiently robust such that if they are resource or lock-intensive, they make sure everything is okay before they get to work. Stuff like user crons and fcrontab can live in your development and corporate servers.

Of course, sometimes you inherit production systems with people who don’t think like you do. You’ll need to review what random user crons are running on each system. With any luck you’ll have a sane OS that keeps the user crontabs in a well-documented location. (FreeBSD? /var/cron/tabs . . . SuSE . . . still not sure . . .) Of course, luck is a fickle mistress, and sometimes you have to do it the evil way:

> cat /etc/passwd | awk -F : '{print "echo crontabs for user "$1"\ncrontab -l -u "$1"\n"}' > /tmp/crontabs.sh
> head /tmp/crontabs.sh
echo crontabs for user root
crontab -l -u root
 
echo crontabs for user bin
crontab -l -u bin
 
echo crontabs for user daemon
crontab -l -u daemon
 
echo crontabs for user lp
> sudo sh /tmp/crontabs.sh | mail -s "`hostname` crontabs" $USER

If you are borrowing my “recipe” you will likely want to put your e-mail address where it says $USER . . . and, you may have to do the same for fcron as well. Bah!

cat /etc/passwd | awk -F : '{print "echo fcrontabs for user "$1"\n/usr/local/bin/fcrontab -l -u "$1"\n"}' > /tmp/fcrontabs.sh
sudo sh /tmp/fcrontabs.sh | mail -s "`hostname` fcrontabs" $USER