crontab

Use the crontab InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).


Syntax

A crontab resource block declares a user (which defaults to the current user, if not specified), and then the details to be tested, such as the schedule elements for each crontab entry or the commands itself:

describe crontab do
  its('commands') { should include '/some/scheduled/task.sh' }
end


Examples

The following examples show how to use this InSpec audit resource.

Test that root’s crontab has a particular command

describe crontab('root') do
  its('commands') { should include '/path/to/some/script' }
end

Test that myuser’s crontab entry for command ‘/home/myuser/build.sh’ runs every minute

describe crontab('myuser').commands('/home/myuser/build.sh') do
  its('hours') { should cmp '*' }
  its('minutes') { should cmp '*' }
end

Test that the logged-in user’s crontab has no tasks set to run on every hour and every minute

describe crontab.where({'hour' => '*', 'minute' => '*'}) do
  its('entries.length') { should cmp '0' }
end

Test that the logged-in user’s crontab contains a single command that matches a mattern

describe crontab.where { command =~ /a partial command string/ } do
  its('entries.length') { should cmp 1 }
end

Test a special time string (i.e., @yearly /root/anual_report.sh)

describe crontab.commands('/root/anual_report.sh') do
  its('hours') { should cmp '0' }
  its('minutes') { should cmp '0' }
  its('days') { should cmp '1' }
  its('months') { should cmp '1' }
end

Test @reboot case

describe crontab.commands('/root/reboot.sh') do
  its('hours') { should cmp '-1' }
  its('minutes') { should cmp '-1' }
end


Property Examples

### Test a special time string

describe crontab do
  its('minutes') { should cmp '0' }
  its('hours') { should cmp '0' }
  its('days') { should cmp '1' }
  its('weekdays') { should cmp '1' }
  its('user') { should include 'username'}
  its('commands') { should include '/some/scheduled/task.sh' }
end

InSpec will automatically interpret crontab-supported special time strings. For example, a crontab entry set to run @yearly can be tested as if the entry was manually configured to run on January 1, 12 AM.


Matchers

For a full list of available matchers, please visit our matchers page.