
EDR: How to add Datastore and Solr debug.tmp removal cron job

Environment

  • EDR Server: 6.x and lower (Formerly CB Response)

Objective

Create a cron job to automatically remove debug.tmp files older than a certain amount of time for Solr and Datastore.

Resolution

  1. Open /etc/cb/cron/cb.cron.template for editing.
  2. Add the following lines to remove any debug.tmp files older than 7 days at midnight every night:
    • 0 0 * * * root find /var/log/cb/datastore -name "*.tmp" -mtime +7 -delete
    • 0 0 * * * root find /var/log/cb/solr -name "*.tmp" -mtime +7 -delete
  3. Restart services.

Additional Notes

  • To change the time the job runs, change the cron formatted value 0 0 * * * to the preferred runtime
  • To change the age of files to be deleted, edit the +7 value to the preferred number of days
  • For a non-permanent setting, add the line to /etc/cron.d/cb. The setting will be wiped at the next service restart, according to what is in cb.cron.template.
  • Any entries added to /etc/cb/cron/cb.cron.template should be ABOVE the following line at the bottom of the file:
    # Cron requires that each entry in a crontab end in a newline. This comment is included to ensure that's always the case.
  • To immediately clear space, run the following. Adjust the -mtime value if needed:
    find /var/log/cb/datastore -name "*.tmp" -mtime +7 -delete && find /var/log/cb/solr -name "*.tmp" -mtime +7 -delete
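
Before enabling the `-delete` lines, it helps to see exactly which files the expression matches. The following is an added example, not part of the original article or the product: it runs the same `find` tests with `-print` instead of `-delete`, and a constructed demo shows that `-mtime +7` only matches files at least 8 full days old. The function names and sample file names are hypothetical, and the demo assumes GNU `touch` and `find`.

```shell
#!/bin/sh
# Added example: dry-run of the cleanup expression from this article.
# Function names are hypothetical; nothing here ships with the product.

# Print the files the cron line would delete (-print replaces -delete).
preview_tmp_cleanup() {
    dir=$1
    days=${2:-7}
    if [ ! -d "$dir" ]; then
        echo "skip: $dir is not a directory" >&2
        return 1
    fi
    find "$dir" -name "*.tmp" -mtime +"$days" -print
}

# Count the matches for a directory and age threshold.
count_tmp_cleanup() {
    preview_tmp_cleanup "$1" "${2:-7}" | wc -l | tr -d ' '
}

# Constructed demo: four sample files with different ages and names.
# find drops the fractional part of a file's age in days, so "+7" matches
# only files that are at least 8 full days old.
demo_tmp_cleanup() {
    d=$(mktemp -d) || return 1
    touch -d '10 days ago'   "$d/old-debug.tmp"    # matched
    touch -d '180 hours ago' "$d/edge-debug.tmp"   # 7.5 days: not matched
    touch -d '1 day ago'     "$d/new-debug.tmp"    # too recent
    touch -d '10 days ago'   "$d/old-debug.log"    # wrong suffix
    n=$(count_tmp_cleanup "$d" 7)
    rm -rf "$d"
    echo "$n"
}

# Preview the two directories named in the article, if they exist here.
for d in /var/log/cb/datastore /var/log/cb/solr; do
    if [ -d "$d" ]; then
        preview_tmp_cleanup "$d" 7
    fi
done
```

Run it as root (the cron entries run as root) so the preview sees the same files the job would.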

Creation Date: 12-04-2018