Suspisious cron tasks

[ForNeVeR]

Based on my analysis of sudo journalctl -u cron -o cat | sort | uniq, I've found the following tasks to be executed on a regular basis on our site:

(cor-site) CMD (cd /opt/codingteam/cor-site && bash ./src/main/bash/check.sh 2>&1 >> $HOME/check.log)
(root) CMD (   cd / && run-parts --report /etc/cron.hourly)
(root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
(root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 60 2)
(root) CMD (   test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond)
(root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
(root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ))
(root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

Probably check.sh from cor-site is the remnant of some old epoch and should be disabled. I have no idea what's the PHP thing; there's a small possibility that the server is/was compromised.

Other tasks seems like some service stuff, but should be examined closely.

[ForNeVeR]

there's a small possibility that the server is/was compromised

Well, probably not. It seems like some standard maintenance routine, but we should remove it anyways. We're not hosting any PHP stuff on CTOR ever, and have no PHP installed.