We had a problem with Plesk, allowing a hacker to set up cron processes on our Linux server as various users. After cleaning a few up, I used this command to list the cron tables for all users:
awk -F: '{print $1}' /etc/passwd | xargs -l1 crontab -lu 2>/dev/null
It’s a handy command to keep in your toolbox.
What it does, is take the first field – the username – from the passwd file, then pass each username to the crontab command to list the table. xargs is used to pass the usernames one at a time, since crontab only accepts one username.
No comments yet.