From cb04295981d407c3871a7c0bc621fd85a5e50a93 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:03:39 +0530 Subject: [PATCH 01/21] New_4490409 Created new topic "Schedule scans with Microsoft Defender ATP for Linux" --- images/linux-mdatp.png | Bin 0 -> 5634 bytes .../linux-schedule-scan-atp.md | 247 ++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 images/linux-mdatp.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md 
diff --git a/images/linux-mdatp.png b/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634
[!NOTE] +> To get a list of all the time zones, run the following command: +> timedatectl list-timezones + +> Examples for timezones: +> America/Los_Angeles +> America/New_York +> America/Chicago +> America/Denver + +## To set the Cron job + +**To backup crontab entries:** + +sudo crontab -l > /var/tmp/cron_backup_200919.dat + +> [!NOTE] +> Where 200919 == YRMMDD + +> TIP: +> Do this before you edit or remove. +> To edit the crontab and add a new job as a root user: +> sudo crontab -e + +> [!NOTE] +> The default editor is VIM + +You might see: + +0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh + +Press “Insert” + +Add the following entries: + +CRON_TZ=America/Los_Angeles + +0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log + +> [!NOTE] +> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) + +Press “Esc” + +Type “:wq” w/o the double quotes. 
+ +> [!NOTE] +> w == write, q == quit + +To view your cron jobs, type sudo crontab -l + +:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: + +**How to inspect cron job runs:** + +sudo grep mdatp /var/log/cron + +**How to inspect the mdatp_cron_job.log** +sudo nano mdatp_cron_job.log + +## For those of you that are using Ansible, Chef, or Puppet] +### How to set cron jobs in Ansible: + +cron – Manage cron.d and crontab entries + +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) + +### How to set crontabs in Chef: +cron resource + +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) + +### How to set cron jobs in Puppet: +Resource Type: cron + +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) + +Automating with Puppet: Cron jobs and scheduled tasks + +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) + +## Additional information: + +**To get help with crontab** +man crontab + +**To get a list of crontab file of the current user:** + +crontab -l + +**To get a list of crontab file of another user:** + +crontab -u username -l + +**To backup crontab entries:** + +crontab -l > /var/tmp/cron_backup.dat +> [!TIP] +> Do this before you edit or remove. 
+ +**To restore crontab entries:** + +crontab /var/tmp/cron_backup.dat + +**To edit the crontab and add a new job as a root user:** + +Sudo crontab -e + +**To edit the crontab and add a new job:** + +crontab -e + +**To edit other user’s crontab entries:** + +crontab -u username -e + +**To remove all crontab entries:** + +crontab -r + +**To remove other user’s crontab entries:** + +crontab -u username -r + +**Explanation**: + ++—————- minute (values: 0 – 59) (special characters: , – * /) + +| +————- hour (values: 0 – 23) (special characters: , – * /) + +| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) + +| | | +——- month (values: 1 – 12) (special characters: ,- * / ) +| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) +| | | | | +* * * * * command to be executed + + + + + + + + + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. + +## Schedule a scan with *launchd* + +You can create a scanning schedule using the *launchd* daemon on a macOS device. + +1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. + + For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. 
+ + ```XML + + + + + Label + com.microsoft.wdav.schedquickscan + ProgramArguments + + sh + -c + /usr/local/bin/mdatp --scan --quick + + RunAtLoad + + StartCalendarInterval + + Day + 3 + Hour + 2 + Minute + 0 + Weekday + 5 + + StartInterval + 604800 + WorkingDirectory + /usr/local/bin/ + + + ``` + +2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. + + > [!TIP] + > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. + +3. Open **Terminal**. +4. Enter the following commands to load your file: + + ```bash + launchctl load /Library/LaunchDaemons/ + launchctl start + ``` + +5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. + + Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. + + > [!IMPORTANT] + > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. + > + > If the device is turned off, the scan will run at the next scheduled scan time. + +## Schedule a scan with Intune + +You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. 
+ +See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From da50b63b45e3cfe776aa45fccfe215ca77d1c256 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:22:47 +0530 Subject: [PATCH 02/21] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 109 +++--------------- 1 file changed, 15 insertions(+), 94 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 8515254bac..0d706608ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,14 +26,16 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -> timedatectl list-timezones + +To get a list of all the time zones, run the following command: + +timedatectl list-timezones > Examples for timezones: -> America/Los_Angeles -> America/New_York -> America/Chicago -> America/Denver +America/Los_Angeles +America/New_York +America/Chicago +America/Denver ## To set the Cron job @@ -42,12 +44,13 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to sudo crontab -l > /var/tmp/cron_backup_200919.dat > [!NOTE] -> Where 200919 == YRMMDD + +Where 200919 == YRMMDD > TIP: -> Do this before you edit or remove. -> To edit the crontab and add a new job as a root user: -> sudo crontab -e +Do this before you edit or remove. +To edit the crontab and add a new job as a root user: +sudo crontab -e > [!NOTE] > The default editor is VIM 
@@ -65,14 +68,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) Press “Esc” Type “:wq” w/o the double quotes. > [!NOTE] -> w == write, q == quit + w == write, q == quit To view your cron jobs, type sudo crontab -l 
@@ -163,85 +166,3 @@ crontab -u username -r * * * * * command to be executed - - - - - - - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. - -## Schedule a scan with *launchd* - -You can create a scanning schedule using the *launchd* daemon on a macOS device. - -1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. - - For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. - - ```XML - - - - - Label - com.microsoft.wdav.schedquickscan - ProgramArguments - - sh - -c - /usr/local/bin/mdatp --scan --quick - - RunAtLoad - - StartCalendarInterval - - Day - 3 - Hour - 2 - Minute - 0 - Weekday - 5 - - StartInterval - 604800 - WorkingDirectory - /usr/local/bin/ - - - ``` - -2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. - - > [!TIP] - > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. - -3. Open **Terminal**. -4. Enter the following commands to load your file: - - ```bash - launchctl load /Library/LaunchDaemons/ - launchctl start - ``` - -5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. 
- - Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. - - > [!IMPORTANT] - > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. - > - > If the device is turned off, the scan will run at the next scheduled scan time. - -## Schedule a scan with Intune - -You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. - -See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From 32e1b1490b117de100bbed41d6478cb7e035c398 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 15:12:25 +0530 Subject: [PATCH 03/21] Update linux-schedule-scan-atp.md minor corrections during self review --- .../linux-schedule-scan-atp.md | 62 +++++++++---------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 0d706608ba..aee27d7e1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md 
@@ -27,33 +27,31 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to > [!NOTE] -To get a list of all the time zones, run the following command: - -timedatectl list-timezones +> To get a list of all the time zones, run the following command: +`timedatectl list-timezones` > Examples for timezones: -America/Los_Angeles -America/New_York -America/Chicago -America/Denver +> - `America/Los_Angeles` +> - `America/New_York` +>- `America/Chicago` +>- `America/Denver` ## To set the Cron job **To backup crontab entries:** -sudo crontab -l > /var/tmp/cron_backup_200919.dat +`sudo crontab -l > /var/tmp/cron_backup_200919.dat` > [!NOTE] - -Where 200919 == YRMMDD +> Where 200919 == YRMMDD > TIP: Do this before you edit or remove. -To edit the crontab and add a new job as a root user: -sudo crontab -e +To edit the crontab, and add a new job as a root user: +`sudo crontab -e` > [!NOTE] -> The default editor is VIM +> The default editor is VIM. You might see: @@ -72,7 +70,7 @@ In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format Press “Esc” -Type “:wq” w/o the double quotes. +Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit 
@@ -83,22 +81,22 @@ To view your cron jobs, type sudo crontab -l **How to inspect cron job runs:** -sudo grep mdatp /var/log/cron +`sudo grep mdatp /var/log/cron` **How to inspect the mdatp_cron_job.log** -sudo nano mdatp_cron_job.log +`sudo nano mdatp_cron_job.log` -## For those of you that are using Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet] ### How to set cron jobs in Ansible: -cron – Manage cron.d and crontab entries +`cron – Manage cron.d and crontab entries` -See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. ### How to set crontabs in Chef: -cron resource +`cron resource` -See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. ### How to set cron jobs in Puppet: Resource Type: cron 
@@ -107,50 +105,50 @@ See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs Automating with Puppet: Cron jobs and scheduled tasks -See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. ## Additional information: **To get help with crontab** -man crontab +`man crontab` **To get a list of crontab file of the current user:** -crontab -l +`crontab -l` **To get a list of crontab file of another user:** -crontab -u username -l +`crontab -u username -l` **To backup crontab entries:** -crontab -l > /var/tmp/cron_backup.dat +`crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove. **To restore crontab entries:** -crontab /var/tmp/cron_backup.dat +`crontab /var/tmp/cron_backup.dat` **To edit the crontab and add a new job as a root user:** -Sudo crontab -e +`Sudo crontab -e` **To edit the crontab and add a new job:** -crontab -e +`crontab -e` **To edit other user’s crontab entries:** -crontab -u username -e +`crontab -u username -e` **To remove all crontab entries:** -crontab -r +`crontab -r` **To remove other user’s crontab entries:** -crontab -u username -r +`crontab -u username -r` **Explanation**: From 970adb587ffd9881b9a735f74d6b7e9bdbe370ab Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 15:27:59 +0530 Subject: [PATCH 04/21] Add files via upload Added new file --- .../threat-protection/images/linux-mdatp.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp.png 
diff --git a/windows/security/threat-protection/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634
Date: Mon, 12 Oct 2020 17:25:02 +0530 Subject: [PATCH 05/21] Linux_MDATP_4490409 Minor edits --- .../threat-protection/images}/linux-mdatp.png | Bin .../linux-schedule-scan-atp.md | 34 ++++++++++-------- 2 files changed, 20 insertions(+), 14 deletions(-) rename {images => windows/security/threat-protection/images}/linux-mdatp.png (100%) diff --git a/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png similarity index 100% rename from images/linux-mdatp.png rename to windows/security/threat-protection/images/linux-mdatp.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index aee27d7e1f..347e58511a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md 
@@ -19,16 +19,16 @@ ms.topic: conceptual # Schedule scans with Microsoft Defender ATP for Linux -For the command line to be able to run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -`timedatectl list-timezones` +> To get a list of all the time zones, run the following command: +> `timedatectl list-timezones` > Examples for timezones: > - `America/Los_Angeles` @@ -37,6 +37,7 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to >- `America/Denver` ## To set the Cron job +Use the following commands: **To backup crontab entries:** @@ -66,7 +67,7 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” 
@@ -75,33 +76,36 @@ Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit -To view your cron jobs, type sudo crontab -l +To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: -**How to inspect cron job runs:** +**To inspect cron job runs:** `sudo grep mdatp /var/log/cron` -**How to inspect the mdatp_cron_job.log** +**To inspect the mdatp_cron_job.log** + `sudo nano mdatp_cron_job.log` ## For those who use Ansible, Chef, or Puppet] -### How to set cron jobs in Ansible: + +Use the following commands: +### To set cron jobs in Ansible: `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### How to set crontabs in Chef: +### To set crontabs in Chef: `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### How to set cron jobs in Puppet: +### To set cron jobs in Puppet: Resource Type: cron -See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. Automating with Puppet: Cron jobs and scheduled tasks @@ -110,6 +114,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h ## Additional information: **To get help with crontab** + `man crontab` **To get a list of crontab file of the current user:** 
@@ -161,6 +166,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h | | | +——- month (values: 1 – 12) (special characters: ,- * / ) | | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) | | | | | -* * * * * command to be executed + +*****command to be executed From a86c74982cd7697a858c64c1c468dfc8f1e9a854 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 17:56:30 +0530 Subject: [PATCH 06/21] linux-mdatp-1.png New file --- .../threat-protection/images/linux-mdatp-1.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp-1.png 
diff --git a/windows/security/threat-protection/images/linux-mdatp-1.png b/windows/security/threat-protection/images/linux-mdatp-1.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634
Date: Mon, 12 Oct 2020 20:54:38 +0530 Subject: [PATCH 07/21] 4490409 minor image tag changes --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 347e58511a..6862347fd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -78,7 +78,7 @@ Type “:wq” without the double quotes. To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: **To inspect cron job runs:** From 2c781644824327ee8ca4f743cda8455830c6a314 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 13 Oct 2020 19:55:32 +0530 Subject: [PATCH 08/21] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 6862347fd7..4881a157db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -88,7 +88,7 @@ To view your cron jobs, type `sudo crontab -l` `sudo nano mdatp_cron_job.log` -## For those who use Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet Use the following commands: ### To set cron jobs in Ansible: From cd76be762770237fe42059bdd96cd438e5eac045 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 20:57:59 +0530 Subject: [PATCH 09/21] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..491a44df0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From ac4ce3a6408ffcf5ac0c6d172c226ad27f2d887f Mon Sep 17 00:00:00 2001 
From: Lovina Saldanha Date: Tue, 13 Oct 2020 21:00:28 +0530 Subject: [PATCH 10/21] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..09fcee81f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,10 +26,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## Pre-requisite > [!NOTE] - > To get a list of all the time zones, run the following command: > `timedatectl list-timezones` - > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` @@ -67,14 +65,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). +>In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” Type “:wq” without the double quotes. > [!NOTE] - w == write, q == quit +> w == write, q == quit To view your cron jobs, type `sudo crontab -l` From 47429eb530bedc9d4ecc942939d5ca9246d6c445 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 21:46:01 +0530 Subject: [PATCH 11/21] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 737bba28fe..2daf8f2576 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From b5c866a3520e0cb37d2df908b76b535a659ca054 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:32:58 +0530 Subject: [PATCH 12/21] Update linux-schedule-scan-atp.md Updated per comments from Yong Rhee --- .../linux-schedule-scan-atp.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 2daf8f2576..b04e20d3a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md 
@@ -155,16 +155,11 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **Explanation**: -+—————- minute (values: 0 – 59) (special characters: , – * /) - -| +————- hour (values: 0 – 23) (special characters: , – * /) - -| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) - -| | | +——- month (values: 1 – 12) (special characters: ,- * / ) -| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) -| | | | | - -*****command to be executed ++—————- minute (values: 0 – 59) (special characters: , – * /)
+| +————- hour (values: 0 – 23) (special characters: , – * /)
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C)
+| | | | |*****command to be executed From 104c43ff75a1f4af29a932f8e2b49618176c5ca9 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:42:18 +0530 Subject: [PATCH 13/21] update-toc-per-4490409 Updated the new topic link in the TOC - "Schedule scans with Microsoft Defender ATP for Linux" --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f69cdfadb5..7325a5cf3e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -284,6 +284,7 @@ ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ##### [Set preferences](microsoft-defender-atp/linux-preferences.md) ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md) +##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md) #### [Troubleshoot]() ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md) From 4eebe0f6f82af97bfc6e9a94c9184cbaa34e3d0a Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:54:54 +0530 Subject: [PATCH 14/21] Update linux-schedule-scan-atp.md minor edit --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index b04e20d3a6..22187f7d02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md 
@@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From 272b272988926a83aac025515b09846e6b1e452e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 15 Oct 2020 11:08:06 -0700 Subject: [PATCH 15/21] Update linux-schedule-scan-atp.md using correct brand names from MDATP to Microsoft Defender for Endpoint (Linux) --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 22187f7d02..d5c088430a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -1,7 +1,7 @@ --- -title: How to schedule scans with MDATP for Linux -description: Learn how to schedule an automatic scanning time for Microsoft Defender ATP in Linux to better protect your organization's assets. -keywords: microsoft, defender, atp, linux, scans, antivirus +title: How to schedule scans with Microsoft Defender for Endpoint (Linux) +description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. +keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux) search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 
@@ -17,9 +17,9 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Schedule scans with Microsoft Defender ATP for Linux +# Schedule scans with Microsoft Defender for Endpoint (Linux) -To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. From 59eb12e1ebca06511ad3e3ff02e09363171e3921 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 22:49:48 +0530 Subject: [PATCH 16/21] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index d5c088430a..ff23ec7922 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -31,8 +31,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` ->- `America/Chicago` ->- `America/Denver` +> - `America/Chicago` +> - `America/Denver` ## To set the Cron job Use the following commands: @@ -44,9 +44,10 @@ Use the following commands: > [!NOTE] > Where 200919 == YRMMDD -> TIP: -Do this before you edit or remove. -To edit the crontab, and add a new job as a root user: +> [!TIP] +> Do this before you edit or remove.
+ +To edit the crontab, and add a new job as a root user:
`sudo crontab -e` > [!NOTE] @@ -109,7 +110,7 @@ Automating with Puppet: Cron jobs and scheduled tasks See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. -## Additional information: +## Additional information **To get help with crontab** @@ -126,8 +127,9 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **To backup crontab entries:** `crontab -l > /var/tmp/cron_backup.dat` + > [!TIP] -> Do this before you edit or remove. +> Do this before you edit or remove.
**To restore crontab entries:** From c2b1ce54a71a141ca0ab9b953dce06198784fbed Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 23:08:33 +0530 Subject: [PATCH 17/21] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index ff23ec7922..18d93d4b7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -37,7 +37,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## To set the Cron job Use the following commands: -**To backup crontab entries:** +**To backup crontab entries** `sudo crontab -l > /var/tmp/cron_backup_200919.dat` @@ -79,7 +79,7 @@ To view your cron jobs, type `sudo crontab -l` :::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: -**To inspect cron job runs:** +**To inspect cron job runs** `sudo grep mdatp /var/log/cron` 
@@ -90,18 +90,18 @@ To view your cron jobs, type `sudo crontab -l` ## For those who use Ansible, Chef, or Puppet Use the following commands: -### To set cron jobs in Ansible: +### To set cron jobs in Ansible `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### To set crontabs in Chef: +### To set crontabs in Chef `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### To set cron jobs in Puppet: +### To set cron jobs in Puppet Resource Type: cron See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. @@ -116,46 +116,46 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h `man crontab` -**To get a list of crontab file of the current user:** +**To get a list of crontab file of the current user** `crontab -l` -**To get a list of crontab file of another user:** +**To get a list of crontab file of another user** `crontab -u username -l` -**To backup crontab entries:** +**To backup crontab entries** `crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove.
-**To restore crontab entries:** +**To restore crontab entries** `crontab /var/tmp/cron_backup.dat` -**To edit the crontab and add a new job as a root user:** +**To edit the crontab and add a new job as a root user** `Sudo crontab -e` -**To edit the crontab and add a new job:** +**To edit the crontab and add a new job** `crontab -e` -**To edit other user’s crontab entries:** +**To edit other user’s crontab entries** `crontab -u username -e` -**To remove all crontab entries:** +**To remove all crontab entries** `crontab -r` -**To remove other user’s crontab entries:** +**To remove other user’s crontab entries** `crontab -u username -r` -**Explanation**: +**Explanation** +—————- minute (values: 0 – 59) (special characters: , – * /)
| +————- hour (values: 0 – 23) (special characters: , – * /)
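Review bot: In the `@@ -116,46 +116,46 @@` hunk, the label edits pass over `Sudo crontab -e` without fixing it; command names are case-sensitive on Linux, so the capitalised form fails as written (it is only corrected in PATCH 21/21, and belongs in this cleanup). Two more points on the same lines: `crontab -r` and `crontab -u username -r` are listed with no pointer back to the backup command, so put the "Do this before you edit or remove" tip next to them rather than only under the backup step; and "To backup" as a verb should be "To back up".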
From b7f5d38e67c4fce459f4c94795fe7491df8cbf80 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 20 Oct 2020 23:38:41 +0530 Subject: [PATCH 18/21] Update linux-schedule-scan-atp.md minor correction in note --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 18d93d4b7d..3bd8a7cde1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -27,7 +27,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > [!NOTE] > To get a list of all the time zones, run the following command: -> `timedatectl list-timezones` +> `timedatectl list-timezones`
> Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` From e11250a1fc13d616ebd6bceb320329264791f5ba Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 18 Nov 2020 18:13:05 -0800 Subject: [PATCH 19/21] Fix typo in system extension instrucitons --- .../microsoft-defender-atp/mac-sysext-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 9b20ff2260..73bb94faf9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: ```bash - $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "" -i /com.microsoft.network-extension.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig ``` For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: ```bash - $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig ``` 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. From 8765322a40d7750701fd888530837ad94f177265 Mon Sep 17 00:00:00 2001 
From: Lovina Saldanha Date: Thu, 19 Nov 2020 15:14:07 +0530 Subject: [PATCH 20/21] Update TOC.md To fix build error --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 29bbd110d3..2e9b5977ec 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -8,7 +8,6 @@ ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md) ### [Portal overview](microsoft-defender-atp/portal-overview.md) -### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) ### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md) ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) From 28c6d8b6ffabca4d3f5990e54c94e8984f78d249 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 19 Nov 2020 15:15:33 +0530 Subject: [PATCH 21/21] Update linux-schedule-scan-atp.md minor spelling error --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 3bd8a7cde1..fe7f0dbd32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -137,7 +137,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **To edit the crontab and add a new job as a root user** -`Sudo crontab -e` +`sudo crontab -e` **To edit the crontab and add a new job**
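Review bot: In PATCH 05/21 (hunk `@@ -161,6 +166,7 @@`), the replacement line `*****command to be executed` drops the spaces between the five asterisks. A crontab entry needs its five time fields separated by whitespace, so the last row of the diagram no longer matches a valid entry, and a bare run of asterisks can also be taken as Markdown emphasis. Keep `* * * * * command to be executed` and put the whole diagram in a fenced code block so the columns stay aligned.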
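Review bot: In PATCH 07/21 (hunk `@@ -78,7 +78,7 @@`), the new image source `..\images\linux-mdatp-1.png` uses backslashes as path separators. Use forward slashes (`../images/linux-mdatp-1.png`) so the link resolves the same way on every build host. The alt text `linux mdatp` says nothing about what the screenshot shows; describe the `sudo crontab -l` output it illustrates.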
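Review bot: In PATCH 09/21 (hunk `@@ -21,7 +21,7 @@`), the edit removes the space between `**crontab**` and `(similar to Task Scheduler)`; PATCH 11/21 then removes the one after `Linux`, and PATCH 14/21 puts both back. Squash these three so the series does not carry a regression and its revert. While on this line, "have a tool called crontab ... to be able to run scheduled tasks" reads better as "have a tool called crontab ... for running scheduled tasks".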
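Review bot: In PATCH 10/21 (hunk `@@ -67,14 +65,14 @@`), the re-quoted note says the job runs at 2:00 a.m. Pacific (UTC –8), but the entry sets `CRON_TZ=America/Los_Angeles`, which follows daylight saving time, so the fixed offset is only right for part of the year; say "Pacific time" and drop the offset. The added line also starts `>In` with no space after the quote marker, unlike `> w == write, q == quit` below it. Separately, the entry redirects with `> ~/mdatp_cron_job.log`, which overwrites the previous run's output and keeps only stdout; `>>` with `2>&1` would leave a history that the later "inspect cron job runs" step can use.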
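Review bot: In PATCH 12/21 (hunk `@@ -155,16 +155,11 @@`), the field diagram is held together with trailing `<br>` tags in proportional text, so the `+` and `|` markers will not line up under the fields they describe, and the last row still reads `*****command to be executed`. The ranges and special characters are typed with en dashes (`0 – 59`, `, – * /`); cron takes an ASCII hyphen, so a reader who copies `–` into a crontab gets a rejected entry. The day-of-week row gives values 0 to 6 and then says Sunday is 0 or 7; state the range as 0 to 7 or drop the 7. A fenced block with plain hyphens and spaced asterisks would fix all of these.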
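Review bot: In PATCH 15/21 (hunk `@@ -17,9 +17,9 @@`), replacing "To run a scan on MDATP for Linux" with "To run a scan for Linux" deletes the product name instead of renaming it, so the sentence no longer says what runs the scan. Use "To run a scan with Microsoft Defender for Endpoint (Linux), see ..." to match the new H1. The first hunk also leaves `atp` in `keywords` and the file name `linux-schedule-scan-atp.md` unchanged; that is fine if it is intentional for search and link stability, but say so in the commit message.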
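Review bot: In PATCH 19/21 (hunk `@@ -150,13 +150,13 @@` of `mac-sysext-policies.md`), the corrected generic command still reads `-N ""` with `-i /com.microsoft.network-extension.mobileconfig` and `-o /com.microsoft.network-extension.signed.mobileconfig`, that is, an empty certificate name and paths at the filesystem root. If placeholders for the certificate name and directory were meant to appear there, they are not visible in these lines; write them in a form that survives rendering. The leading `$ ` inside the `bash` fences is also copied along with the command; consider dropping it.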
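Review bot: In PATCH 20/21 (hunk `@@ -8,7 +8,6 @@` of `TOC.md`), the entry for `microsoft-defender-atp/commercial-gov.md` is deleted with only "To fix build error" as the reason. The commit message should name the error, and the change is unrelated to the Linux scheduling topic, so it is better as its own pull request. If `commercial-gov.md` still exists, it is now unreachable from the TOC; if it does not, check for other links that point to it.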