このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect the creation or modification of new cron jobs on a system.
Strategy
Cron is a task scheduling system that runs tasks on a time-based schedule. Attackers can use cron jobs to gain persistence on a system, or even to run malicious code at system-boot. Cron jobs can also be used for remote code execution, or to run a process under a different user-context.
Triage and response
- Check to see which cron task was created or modified.
- Check whether the cron task was created or modified by a known user or process.
- If these changes are not acceptable, roll back the host or container in question to an acceptable configuration.
Requires Agent version 7.27 or greater
