Check: GEN003000
Solaris 10 SPARC STIG:
GEN003000
(in versions v2 r4 through v1 r19)
Title
Cron must not execute group-writable or world-writable programs. (Cat II impact)
Discussion
If cron executes group-writable or world-writable programs, there is a possibility that unauthorized users could manipulate the programs with malicious intent. This could compromise system and network security.
Check Content
List all cronjobs on the system. Procedure: # ls /var/spool/cron/crontabs/ If cron jobs exist under any of the above directories search for programs executed by cron. Procedure: # more <cron job file> Determine if the file is group-writable or world-writable. Procedure: # ls -la <cron program file> If cron executes group-writable or world-writable files, this is a finding.
Fix Text
Remove the world-writable and group-writable permissions from the cron program file(s) identified. # chmod go-w <cron program file>
Additional Identifiers
Rule ID: SV-226615r603265_rule
Vulnerability ID: V-226615
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |