| title | description | ms.service | ms.author | author | ms.reviewer | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.subservice | search.appverid | ms.date | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
How to schedule an update of the Microsoft Defender for Endpoint (Linux) |
Learn how to schedule an update of the Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. |
defender-endpoint |
dansimp |
dansimp |
gopkr |
medium |
deniseb |
ITPro |
|
conceptual |
linux |
met150 |
01/26/2024 |
Applies to:
To run an update on Microsoft Defender for Endpoint on Linux, see Deploy updates for Microsoft Defender for Endpoint on Linux.
Linux (and Unix) have a tool called crontab (similar to Task Scheduler) to be able to run scheduled tasks.
Note
To get a list of all the time zones, run the following command:
timedatectl list-timezones
Examples for timezones:
America/Los_AngelesAmerica/New_YorkAmerica/ChicagoAmerica/Denver
Use the following commands:
sudo crontab -l > /var/tmp/cron_backup_201118.datNote
Where 201118 == YYMMDD
Tip
Do this before you edit or remove.
To edit the crontab, and add a new job as a root user:
sudo crontab -eNote
The default editor is VIM.
You might see:
0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
And
0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log
See Schedule scans with Microsoft Defender for Endpoint (Linux)
Press "Insert"
Add the following entries:
CRON_TZ=America/Los_Angeles#!RHEL and variants (CentOS and Oracle Linux)
0 6 * * sun [ $(date +%d) -le 15 ] && sudo yum update mdatp -y >> ~/mdatp_cron_job.log
#!SLES and variants
0 6 * * sun [ $(date +%d) -le 15 ] && sudo zypper update mdatp >> ~/mdatp_cron_job.log
#!Ubuntu and Debian systems
0 6 * * sun [ $(date +%d) -le 15 ] && sudo apt-get install --only-upgrade mdatp >> ~/mdatp_cron_job.log
Note
In the examples above, we are setting it to 00 minutes, 6 a.m.(hour in 24 hour format), any day of the month, any month, on Sundays.[$(date +%d) -le 15] == Won't run unless it's equal or less than the 15th day (3rd week). Meaning it will run every 3rd Sundays(7) of the month at 6:00 a.m. Pacific (UTC -8).
Press "Esc"
Type ":wq" w/o the double quotes.
Note
w == write, q == quit
To view your cron jobs, type sudo crontab -l
:::image type="content" source="media/update-MDE-linux-4634577.jpg" alt-text="update Defender for Endpoint on Linux.":::
To inspect cron job runs:
sudo grep mdatp /var/log/cronTo inspect the mdatp_cron_job.log
sudo nano mdatp_cron_job.logUse the following commands:
cron - Manage cron.d and crontab entriesSee https://docs.ansible.com/ansible/latest for more information.
cron resourceSee https://docs.chef.io/resources/cron/ for more information.
Resource Type: cron
See https://puppet.com/docs/puppet/5.5/types/cron.html for more information.
Automating with Puppet: Cron jobs and scheduled tasks
See https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/ for more information.
man crontabcrontab -lcrontab -u username -lcrontab -l > /var/tmp/cron_backup.datTip
Do this before you edit or remove.
crontab /var/tmp/cron_backup.datsudo crontab -ecrontab -ecrontab -u username -ecrontab -rcrontab -u username -r+—————- minute (values: 0 - 59) (special characters: , - * /)
| +————- hour (values: 0 - 23) (special characters: , - * /)
| | +———- day of month (values: 1 - 31) (special characters: , - * / L W C)
| | | +——- month (values: 1 - 12) (special characters: ,- * / )
| | | | +—- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , - * / L W C)
| | | | |*****command to be executed