Title

RHEL 9 /etc/crontab file must have mode 0600. (Cat II impact)

Discussion

Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files must have the correct access rights to prevent unauthorized changes.

Check Content

Verify the permissions of /etc/crontab with the following command: $ stat -c "%a %n" /etc/crontab 0600 If /etc/crontab does not have a mode of "0600", this is a finding.

Fix Text

Configure the RHEL 9 file /etc/crontab with mode 600. $ sudo chmod 0600 /etc/crontab

Additional Identifiers

Rule ID: SV-257933r925786_rule

Vulnerability ID: V-257933

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.