Re-thinking the placement of system admin cron scripts

[IT_Architect]

Since I'm working up a Linux VM, I'm using the opportunity to re-think my placement of cron and scripts.
Current FreeBSD;
/etc/crontab
yada yada bunch of stuff FreeBSD added here Yada Yada bunch of stuff DirectAdmin added here. # ***************************************************************************** # SysAdmin Area # ***************************************************************************** ##### Every day at 8:00 AM, clean out e-mails older than 30 days from the # SYSTEM USER's mail boxes. Nobody ever checks them, and they are commonly # used for cron output and E-mail catch-alls. 0 8 * * * root /home/admin/scripts/purge_system_acct_emails.sh # ##### Anti-malware measures # Scan server with ClamAV 30 minutes after the hour 28 * * * * root /etc/clamscan_delta.sh # Scan server with ClamAV each day 0 2 * * 6 root /etc/clamscan_full.sh ##### SpamAssassin - Teach bayesian spam filter for the entire domain /5 * * * * root /usr/bin/sa-teach_crawler 1 ##### Check every minute and restart Apache if the one minute load average gets over 20 and e-mail [email protected]. * * * * * root /root/scripts/apache/apache_governor.sh * * * * * root /root/scripts/php/php-fpm53_governor.sh ##### Check every minute for user flag to restart firewall for Admin Blacklist or Whitelist changes * * * * * root /home/admin/scripts/admin.restart_firewall.sh ##### pf Firewal 0 3 * * * root /etc/pf/scripts/pf.script.emerging.sh 5 3 * * * root /etc/pf/scripts/pf.script.geo_blacklist.sh ##### Truncate log files every 15 minutes yada yada yada # ***************************************************************************** # END SysAdmin Area # ***************************************************************************** yada yada stuff other software installs have appended to file

Thoughts for AlmaLinux are:
Move SysAdmin Area into a file named custom inside cron.d
Move all scripts into /root/cron sub-directories such as:
/root/cron/anti-malware
/root/cron/watchdog
/root/cron/logs
etc.

- This enables me to very easily move custom stuff to a new server, not miss anything, and one place to check if things need edits with ReadMes for things that would
- When DirectAdmin and other software gets updated, they don't remove or obsolete anything.
- The only thing in the /root/cron structure is what I put there, unlike any of the /bins or /sbins

What are your thoughts?

 

[Richard G]

Move all scripts into /root/cron sub-directories such as:
/root/cron/anti-malware
/root/cron/watchdog
/root/cron/logs

I don't see any reason. Cron files in Linux always resided in the /etc/crontab and /etc/cron.d directory in every distro. Personally if not necessary, I don't like to deviate from OS defaults.
You can put your custom scripts there ofcourse, but you have to configure /etc/crontab to start them from there because it's not a default cron directory. But if you would like it that way, you can.

- The only thing in the /root/cron structure is what I put there, unlike any of the /bins or /sbins

Yes ofcourse. This is also default for about all Linux distro's. Root is just an account, it's a root user, it's not "system". So it's quite logic that things in there are put there by yourself.
You can also put your custom crons in there if you want to.

I have some custom things in there for example the filter, filter.conf and a user_prefs which is taken from there for spamassassin configuration when a new user is created.

Moving stuff to other servers is also easily done by rsync for example.

Personally I would rather use the existing structure which is quite the same for all distro's and put my custom crons also in /etc/cron.d as that makes things easier.
And it's just as easy to move them, because with rsync it's very easy to move a complete directory even if needed.

 

[IT_Architect]

I don't see any reason. Cron files in Linux always resided in the /etc/crontab and /etc/cron.d directory in every distro. Personally if not necessary, I don't like to deviate from OS defaults.
You can put your custom scripts there ofcourse, but you have to configure /etc/crontab to start them from there because it's not a default cron directory. But if you would like it that way, you can.

It appears we are in agreement. I'm simply moving the SysAdmin area from /etc/crontab to a separate file in /etc/cron.d/custom, which is in agreement with what you just said of either /etc/crontab or /etc/cron.d/custom

The only thing I'm doing differently is instead of having the scripts that DirectAdmin and other software did not write and the SysAdmin did, was move those custom scripts out of the software area to an organized structure under /root/cron

 

[Richard G]

as move those custom scripts out of the software area to an organized structure under /root/cron

Correct and that is a choice, you're free to do it that way.
I only don't understand what the "SysAdmin area" is. As long as it's not DA's cronjobs, because there are possibility's that those crons are called from that position from certain applications. I'm not sure about that.
But I wouldn't see any reason why you couldn't have your custom scripts in a place of your liking, as long as they can work, are safe and you're satisfied.
And we don't have to do it.

 

[IT_Architect]

I only don't understand what the "SysAdmin area" is. As long as it's not DA's cronjobs, because there are possibility's that those crons are called from that position

I did it. The file were all of my custom cron commands are located is nowhere near directadmins or anyone else's. They are located in:
/etc/rc.d/custom

All scripts cron runs out of custom are located in subdirectories under /root/cron such as:
/root/cron/anti-malware
/root/cron/watchdog
/root/cron/logs
etc.

Thanks!