Linux Portfolio Project - Automating System Updates via Cron Job Scheduling (Bash Shell Scripting)

The ability to implement automation is a boon for any system administrator. "Cron" is a utility that is used to execute commands, processes and scripts on a recurring schedule. "Cron" is a daemon utility; daemons are processes on Linux that run in the background unattended. Since "cron" is a daemon, we can schedule - and therefore, automate - the execution of commands, processes, and scripts (known as "cron jobs") through the "cron" program.

This script is pretty simple: it performs a routine system update of your machine, and reboots the machine to ensure the update takes effect. It will be scheduled as a cron job, so that the system will update every day at midnight (12 A.M.).

Shell Script Components

First, we have to find the updates for our operating system:

Assuming we are using a Debian-based distribution (I'm using Linux Mint), this script be using the "apt" software package management tool. The "update" command will search the online repository of this distribution, and identify any updates available for this distribution. The (y) option simply tells the Bash shell to assume the answer to all prompts for this command is "yes".

The "upgrade" command will actually install all the updates compiled from the distribution's repository on our local, Linux system. Like the previous command, the (y) option assumes "yes" for all the command's prompts.

The final command will reboot the machine after the system upgrade is complete:

Turning the Shell Script into a Cron Job

We will title our script as "sysupdate.sh" and make the script executable on our entire system ("chmod a+x sysupdate.sh" on the command line).

Now it's time to turn our script into a cron job. Since we are trying to apply updates to the entire system, we need to access a system-wide, configuration file called "/etc/crontab". This file runs cron jobs for the entire machine, not just for a single user on the Linux system. Crontabs receive the scheduled jobs that will be run by the "cron" utility. Think of crontabs as the fuel "cron" needs to execute the cron jobs.

To access "/etc/crontab" we must apply superuser privileges in the form of "sudo nano /etc/crontab" (the root privileges will allow us to write to the file).

The crontab already has its own cron jobs that it runs, so our entry for a cron job will begin at the bottom. The crontab provides a format structure for entering cron jobs:

• minute (0 - 59) >> the minute parameter represents the minute of the hour you want to run your job. "*" represents all possible values.
• hour (0 - 23) >> the hour (military time) for the cron job. "*" represents all possible values.
• day of month (1 - 31) >> the day of month for the cron job. "*" represents all possible values.
• month (1 - 12) or (jan - dec) >> the month for the cron job. "*" represents all possible values.
• day of week (0 - 7) or (sun - sat) >> the calendar day of the week for the cron job. "0" and "7" represent Sunday. "*" represents all possible values.
• command to be executed >> the commands, processes and scripts that make up the cron job.

We want this script to run as a cron job every day at midnight (12 A.M.). Therefore our cron job will be formatted in the following way:

Midnight will translate to the first minute (0) of the first hour (0) of the day. We want the script to run every day of every month, 7 days of the week, so the values for day of month, month, and day of week will carry the "*" value. Lastly, the command to be executed is the "sysupdate.sh" script, expressed with the absolute path name of "/home/mint/sysupdate.sh".

We have just scheduled a cron job that will automate system updates. Once we exit the crontab, we have one more step. We have to restart the "cron" utility manually, so it can "capture" the new job we've entered in the crontab. This is accomplished by entering "sudo service cron restart" in the command line:

And that's it.

Shell Script (sysupdate.sh) in Action

This script is very basic, but with "cron" in play, this script is a lifesaver in a Linux environment. By automating system updates, we diminish human error - error that could cost organizations a lot of money! People are usually the weakest part of any system or network; instead of having to manually update my Linux system every day, I can automate this process, and diminish the impact of human error.

For example, one day, I may forget to manually update my systems. A daily, automated system update could be the difference between a secure system or a security breach. My forgetfulness could create an opening for threat actors to exploit a vulnerability in our system -- a vulnerability that could have with a simple update. The simplest things can be the most powerful!

Thank you so much for reading through this portfolio project! If you enjoyed my take with Bash shell scripting, please feel to reach out and connect. I'm always looking to network with people in the industry.

Until next time!

© 2023, Enoch Deboss