Hi, I am fetching some data using osquery’s crontab table. There are some ambiguous entries which are getting listed. Can someone please help me understand why this is happening. Here is the data fetched.

{  
   command: {}'.format(e))
   path: /etc/cron.d/sched_prov.py
   day_of_month: enforce
   day_of_week: endpoints:
   hour: to
   minute: print('Failed
   month: maintenance
 }

Seems like probably a bug with the

crontab

parsing. Can you paste the corresponding line from the

crontab

file?

That kind looks like it tried to parse

/etc/cron.d/sched_prov.py

. Why do you have a python file in your crontab directory?

@seph This is a remote user’s machine and we just noticed this ambiguous data. My hunch was pretty much the same that osquery must have parsed the python file to find some schedule. For now, we are just content with the statement

That kind looks like it tried to parse /etc/cron.d/sched_prov.py.

Thanks.