In the last post we saw how to create a python-based tool to monitor Telegram. Like that one, security researchers have a panoply of threat monitors to keep up with what’s going on in the wild.

Cron is an easy tool that can be used to setup the frequency we want to run our monitors.

Time for school

What is WSL?

Windows Subsystem for Linux (WSL) offers a GNU/Linux environment, including most command-line tools, utilities, and applications, directly on Windows, without the overhead of a traditional virtual machine (VM) or dualboot setup.

As such, you can run your favorite Unix tools and utilities, such as findawksed, and grep, without having to leave Windows.

What are cronjobs?

The cron command-line utility is a job scheduler on Unix-like operating systems, that allows users to schedules commands (jobs), a.k.a, cronjobs, at specific times.

For instance, cron can be used for running scheduled backups, monitoring disk space, deleting files (for instance, log files) periodically when they are no longer required, running system maintenance tasks and a lot more. It is a great tool for system maintenance and administration.

As security researchers, we can leverage cron to schedule our threat intelligence and dark web monitors.

Tutorial

1. WSL Setup

  • Open PowerShell and run:
wsl --install   # install
wsl --list --online     # list distributions available
wsl --install -d <Distribution Name>    # install distribution

In this case I installed Ubuntu.

  • When you are inside the distribution, create a user account and password.

  • Then, update and upgrade packages

sudo apt update && sudo apt upgrade

✔️ And done! Easy isn’t it?

After installing WSL, you can run its shell by searching the app “Ubuntu” (or “<your-distro>”) in Windows search box.

A security consideration:

  • WSL will continue to run in the background even when you exit the command shell.

2. Cronjob Setup

In this section we will se how to setup a cronjob. 

We are going to follow 4 steps:

  1. Install cron
  2. Run/enable the cronjob service at startup
  3. Remove prompting for password to start the cronjob service automatically
  4. Create a cronjob

Steps 2 and 3 allows us to run a job automatically at startup. If you don’t want this, simply jump step 2 and 3.

1. Install cron

sudo apt update
sudo apt install cron

2. Run/enable cronjob service automatically at startup

  • cd to /home/<your_ubuntu_username>
  • sudo nano .bashrc

Add the following line in the beginning of the file:

sudo -i service cron start

  • Save (Ctrl+O) and close (Ctrl+X).

3. Remove prompt for password

Do sudo visudo

At the bottom of the file add the line: 

ALL=(ALL) NOPASSWD: ALL

Save and close.

Test it:

  • Reboot
  • Check cron status with sudo service cron status
* cron is running

If you see the output above, we are good to go ✔️

4. Create a cronjob

A cronjob is recorded and managed in a special file known as a crontab.

Each user profile on the system can have their own crontab where they can schedule jobs. Use the following commands to check your current crontab configuration.

crontab -l      # list your user's crontab content (cronjobs)
crontab -e      # open your personal crontab (cron configuration file)

Now, before creating a new cronjob we must understand how to configure it.

First, an example:

*/2 * * * * touch /<directory>/myFile.txt

This job creates a file, ⁠myFile⁠, every 2 minutes in a directory of your choosing.

Let’s test it! To set it up:

  • Open your cron configuration file (crontab -e)
  • Add the line */2 * * * * touch /<directory>/myFile.txt , where <directory> should be changed to a directory of your choosing
  • Save and close
  • Restart cron with sudo service cron restart

Wait 2 minutes, and see myFile.txt magically appear 🧙‍♀️

Configuration

Below you can see the definition of each element of the job. 

You have a place to set the minutes, hours, days, months of day of the weeks, that you want to have a command be executed.

# Job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * command to be executed

Crontab also accepts special characters for creating a more complex time schedule:

Character Meaning
Comma To separate multiple values
Hyphen To indicate a range of values
Asterisk To indicate all possible values
Forward slash To indicate EVERY

Here are some examples of cron expressions we can use:

  • * * * * * - Run the command every first minute of every hour of every day of every month.
  • 12 * * * * - Run the command 12 minutes after every hour.
  • 0,15,30,45 * * * * - Run the command every 15 minutes.
  • */15 * * * * - Run the command every 15 minutes.
  • 0 4 * * * - Run the command every day at 4:00 AM.
  • 0 4 * * 2-4 - Run the command every Tuesday, Wednesday, and Thursday at 4:00 AM.
  • 20,40 */8 * 7-12 * - Run the command on the 20th and 40th minute of every 8th hour every day of the last 6 months of the year.
  • @reboot - to run a job once at reboot. 
Administration

Finally, to control our cron service in WSL we can use typical Ubuntu commands for service control.

sudo service cron status
sudo service cron stop
sudo service cron start
sudo service cron restart

And voilà!

Happy Hunting 🕵️‍♀️