Open-AudIT
https://www.open-audit.org/phpBB3/

OSx audit error when run from crontab
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6308
Page 1 of 1

Author:  pw98 [ Tue Apr 08, 2014 12:31 am ]
Post subject:  OSx audit error when run from crontab

Hi Guys,

Huge welldone and thanks to the open-audit team, has made me life so much easier.

The only problem I seem to have is below. When I run the osx script as root manually it works fine. When I add it to cron to run weekly, I get the following errors

Cron Daemon root@rr0152.local
1:50 PM (56 minutes ago)

to macadmin
System Info
/var/root/audit_osx.sh: line 27: system_profiler: command not found
/var/root/audit_osx.sh: line 28: networksetup: command not found
/var/root/audit_osx.sh: line 33: system_profiler: command not found
/var/root/audit_osx.sh: line 34: system_profiler: command not found
/var/root/audit_osx.sh: line 40: system_profiler: command not found
expr: syntax error
/var/root/audit_osx.sh: line 42: sysctl: command not found
Network Cards Info
/var/root/audit_osx.sh: line 121: system_profiler: command not found
/var/root/audit_osx.sh: line 138: system_profiler: command not found
Processor Info
/var/root/audit_osx.sh: line 145: sysctl: command not found
/var/root/audit_osx.sh: line 147: sysctl: command not found
sudo: system_profiler: command not found
(standard_in) 1: parse error
Memory Info
/var/root/audit_osx.sh: line 203: system_profiler: command not found
Software Info
/var/root/audit_osx.sh: line 260: system_profiler: command not found
Submitting results to server
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 1131 0 0 100 1131 0 401 0:00:02 0:00:02 --:--:-- 400
100 1803 100 672 100 1131 200 338 0:00:03 0:00:03 --:--:-- 338
100 1803 100 672 100 1131 200 338 0:00:03 0:00:03 --:--:-- 338
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<head>
<title>Open-AudIT</title>
</head>

<body>
<a href='http://open-audit.internal.*.com/index.php/system'>Back to input page</a><br />
<a href='http://open-audit.internal.*.com/index.php'>Front Page</a><br />
SystemID (updated): <a href='http://open-audit.internal.*.com/index.php/main/system_display/29'>29</a>.<br />
<br />Time: 0.9408 seconds.</body>
</html>cat: illegal option -- 2
usage: cat [-benstuv] [file ...]
rm: illegal option -- 2
usage: rm [-f | -i] [-dPRrvW] file ...
unlink file

script is located here /var/root/audit_osx.sh with following file premissions

rwxr-x--- 1 root staff 11K 2 Apr 11:47 audit_osx.sh

I can run the script by doing /var/root/audit_osx.sh but fails if it's in a crontab


RR0152:~ root# crontab -l
MAILTO="macadmin@*.com"

50 13 * * * /var/root/audit_osx.sh

machine is a mac mini running 10.9 aka mavericks. The audit is showing up as running under the device in the web interface.
59 - audit 2014-04-07 14:49:06 192.168.10.127 2014-04-07 14:48:27



I have also tried this on couple of other machines and get the same error.

Author:  jpa [ Tue Apr 08, 2014 1:21 am ]
Post subject:  Re: OSx audit error when run from crontab

I don't use MacOS or Linux much but from your crontab entry it looks like you're using a user crontab entry. So I would say that whatever user you're running the task under doesn't have access to all the commands which give you errors.

Author:  pw98 [ Tue Apr 08, 2014 6:54 pm ]
Post subject:  Re: OSx audit error when run from crontab

I very much doubt it, I logged in as root and run command then run crontab -e as root.

Author:  jpa [ Wed Apr 09, 2014 1:17 am ]
Post subject:  Re: OSx audit error when run from crontab

Maybe something up with $PATH when run from cron?

Author:  pw98 [ Wed Apr 09, 2014 8:41 pm ]
Post subject:  Re: OSx audit error when run from crontab

If I run the command from command line
e.g system_profiler SPHardwareDataType | grep "Serial Number (system):" | cut -d":" -f2 | sed 's/^ *//g'`
It works fine giving me the result I expected. I tried to move it to a normal user and run again as cronjob, same error. I changed the system_profiler to have the full path e.g /usr/sbin/system_profiler SPHardwareDataType | grep "Serial Number (system):" | cut -d":" -f2 | sed 's/^ *//g'` but still get the same error? any one got any ideas as I'm stuck!

Author:  Mark [ Thu Apr 10, 2014 3:03 am ]
Post subject:  Re: OSx audit error when run from crontab

Looks to me like a permission error - but from what you said that "shouldn't" be the case.
Anyone more familiar with OSX than me? (I'm not very).

Author:  pw98 [ Tue Jun 17, 2014 7:45 pm ]
Post subject:  Re: OSx audit error when run from crontab

Any one any ideas, still got the same problem! :(


Mark are you able to try it on your mac, i guess you have tested the new osx script?

Author:  Mark [ Thu Jun 19, 2014 8:34 am ]
Post subject:  Re: OSx audit error when run from crontab

I've not run it using cron - I'll make a note to myself to test it.

Author:  pw98 [ Thu Jun 19, 2014 10:55 pm ]
Post subject:  Re: OSx audit error when run from crontab

Found the problem and fixed it.

When run as root it can find system_profiler but when run as crontab it can't, so You can either change all the lines to be /usr/sbin/system_profiler "not sure if same location on all osx versions, it is on 10.9.2 and 10.7.5

or I added "export PATH=$PATH:/usr/sbin" to start of script, works fine now.

Author:  Mark [ Fri Jun 20, 2014 7:32 am ]
Post subject:  Re: OSx audit error when run from crontab

Thanks pw98 - I have added this to the script.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/