Check: UBTU-16-030460
Canonical Ubuntu 16.04 LTS STIG:
UBTU-16-030460
(in versions v2 r3 through v1 r3)
Title
Cron logging must be implemented. (Cat II impact)
Discussion
Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.
Check Content
Verify that "rsyslog" is configured to log cron events. Check the configuration of "/etc/rsyslog.d/50-default.conf" for the cron facility with the following commands: Note: If another logging package is used, substitute the utility configuration file for "/etc/rsyslog.d/50-default.conf". # grep cron /etc/rsyslog.d/50-default.conf cron.* /var/log/cron.log If the commands do not return a response, check for cron logging all facilities by inspecting the "/etc/rsyslog.d/50-default.con" file: # more /etc/rsyslog.conf Look for the following entry: *.* /var/log/messages If "rsyslog" is not logging messages for the cron facility or all facilities, this is a finding.
Fix Text
Configure "rsyslog" to log all cron messages by adding or updating the following line to "/etc/rsyslog.d/50-default.conf": cron.* /var/log/cron.log Note: The line must be added before the following entry if it exists in "/etc/rsyslog.d/50-default.conf": *.* ~ # discards everything
Additional Identifiers
Rule ID: SV-215142r610931_rule
Vulnerability ID: V-215142
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |