Check: GEN002960
Title
Access to the cron utility must be controlled using the cron.allow and/or cron.deny file(s). (Cat II impact)
Discussion
The cron facility allows users to execute recurring jobs on a regular and unattended basis. The cron.allow file designates accounts allowed to enter and execute jobs using the cron facility. If neither cron.allow nor cron.deny exists, then any account may use the cron facility. This may open the facility up for abuse by system intruders and malicious users.
Check Content
Check for the existence of the cron.allow and cron.deny files. # ls -lL /etc/cron.d/cron.allow # ls -lL /etc/cron.d/cron.deny If neither file exists, this is a finding.
Fix Text
Create /etc/cron.d/cron.allow and/or /etc/cron.d/cron.deny with appropriate content.
Additional Identifiers
Rule ID:
Vulnerability ID: V-974
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
Number | Title |
---|---|
AC-6 |
Least Privilege |