Crontab jobs disappeared.

[ColinTaylor]

Could I just edit the

/usr/sbin/cru

script and put something like

/usr/bin/logger $0: $@

at the start of it. Would that work?

No. /usr/sbin is in ROM. That's why you have to use the mount/bind hack in the script above.

 

[dave14305]

See which custom scripts might be calling cru or crontab:

/bin/grep -rE "(\bcru [ad]\b|crontab)" /jffs /tmp/mnt/*/

 

[alan6854321]

No. /usr/sbin is in ROM. That's why you have to use the mount/bind hack in the script above

OK, I suspect it's a bit of a pointless exercise anyway,

I think it's extremely unlikely that anything is calling "cru d <blah>" and deleting jobs.
It's much more likely that the crontab file is somehow getting trashed.

 

[Jeffrey Young]

From what I have been able to sift through, it seems that this issue started with 388.6.

Knowing how Asus has been dumb-proofing security on their routers for the average public who just wants to plug the box in, run through the wizard and go, I have to wonder if the asd daemon has been changed and is now zapping possible threats in the crontab......

Just thinking to myself. Until figured out, between the crontab issue and knowing more about how certificates are handled by Asus on 388.6 (I use ZeroSSL for all my certificate needs, including the routers), I will be staying back on 386.7_2.

 

[Ripshod]

I have to wonder if the asd daemon has been changed and is now zapping possible threats in the crontab......

Shared thought there. It has already been found guilty of totally deleting one of the add-on scripts.
It can't be corruption as entries are removed from random locations leaving other entries readable (intact?).

 

[Jeffrey Young]

It has already been found guilty of totally deleting one of the add-on scripts.

Sorry for being off-topic, but which addon?

 

[Ripshod]

Sorry for being off-topic, but which addon?

It was Skynet. asd kept deleting /jffs/scripts/firewall

 

[Viktor Jaep]

It was Skynet. asd kept deleting /jffs/scripts/firewall

@dave14305 recently made an emergency fix to get around this after people found the script just vanishing after installing, or when it was trying to apply chmod permissions to it. It was quite astonishing to see ASD interfering in this manner.

 

[thelonelycoder]

This will all blow over with the next firmware update. Right or not?
I’m certainly not losing any more sleep over that, much less code a fix for the company that makes money from us.

 

[dave14305]

I'll be sticking with 388.5 for now - may as well explore all angles.

The only firmware components that seem to use cron jobs are OpenVPN servers and LetsEncrypt. LetsEncrypt library was updated in 388.6. Everything else will likely be third party.

 

[alan6854321]

The only firmware components that seem to use cron jobs are OpenVPN servers and LetsEncrypt. LetsEncrypt library was updated in 388.6. Everything else will likely be third party.

When my crontab jobs were deleted, the only one that was left was the OpenVPN job.
LetsEncrypt plus my own custom jobs were all deleted.
Is this significant?

 

[dave14305]

When my crontab jobs were deleted, the only one that was left was the OpenVPN job.
LetsEncrypt plus my own custom jobs were all deleted.
Is this significant?

I doubt OpenVPN server is to blame, but I still have doubts about LetsEncrypt. But I use neither, so I’m only speculating.

 

[Ripshod]

I doubt OpenVPN server is to blame, but I still have doubts about LetsEncrypt. But I use neither, so I’m only speculating.

Agreed. I'm not running OpenVPN Server.

 

[Jeffrey Young]

Someone running 386.6 will need to do some testing. It is speculation on my part too that ASD may be responsible. I don't know if one can kill the asd process and have it stay dead (watch dog process not restarting it).

 

[ColinTaylor]

I doubt OpenVPN server is to blame, but I still have doubts about LetsEncrypt. But I use neither, so I’m only speculating.

I was thinking the same thing as LetsEncrypt is common to both reports. But like you I don't use LetsEncrypt and I know nothing about it.

Is it using the acme.sh script? I note that it has a --cron option which overwrites the crontab directly rather than using cru.

 

[alan6854321]

I doubt OpenVPN server is to blame, but I still have doubts about LetsEncrypt. But I use neither, so I’m only speculating.

My logic was more along the lines of "OpenVPN is part of Asus firmware, so it got left alone. But LetsEncrypt is a Merlin add-on, so it got trashed by ASD along with all the other stuff".

Or is that just fantasy?

 

[Viktor Jaep]

I wish ASD was configurable, ie. something that could get turned off (perhaps with multiple warnings/EULAs or whatnot)... just for those who accept the additional risk and don't want to deal with the extra headaches that comes with it. Like with AiProtection... I'm glad I was able to disable this... doing so added a lot of stability to my router.

Seems like it was added into the Merlin FW prior to 2021 after some negotiating between ASUS and @RMerlin. Just got done reading through some of it's back history here: https://www.snbforums.com/threads/what-is-asd-process.76242/

 

[Viktor Jaep]

Just a quick question for those of you who may have been dealing with ASD deleting skynet, or even just recently potentially your cron jobs... what versions of the ASD signature files did you have? Mine all seem to be fairly old, like from last year...

ViktorJp@GT-AX6000-3C88:/jffs/asd# ls
blockdnsip2023080803   blockfile2023103001    chknvram2023080803     monitorproc2023080401  version

 

[Ripshod]

Gilly@ripshod:/jffs/asd# ls
blockdnsip2023080803   chknvram2023080803     version
blockfile2023103001    monitorproc2023080401

Somehow methinks asd is innocent.
Yes, I also suffered the asd/SkyNet issue too.

 

[dave14305]

I do think cru should spin and wait if the cron.update file is still present.