Check: GEN003160
Title
Cron logging must be implemented. (Cat II impact)
Discussion
Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.
Check Content
# ls -lL /var/cron/log If this file does not exist, or is older than the last cron job, this is a finding. # grep CRONLOG /etc/default/cron If a CRONLOG=YES line does not exist, this is a finding.
Fix Text
Edit /etc/default/cron and set CRONLOG=YES.
Additional Identifiers
Rule ID:
Vulnerability ID: V-982
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000126 |
The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AU-2 |
Audit Events |