Check: GEN003000
Solaris 10 X86 STIG:
GEN003000
(in versions v2 r4 through v1 r17)
Title
Cron must not execute group-writable or world-writable programs. (Cat II impact)
Discussion
If cron executes group-writable or world-writable programs, there is a possibility that unauthorized users could manipulate the programs with malicious intent. This could compromise system and network security.
Check Content
List all cronjobs on the system.
Procedure:

    # ls /var/spool/cron/crontabs/

If cron jobs exist under any of the above directories search for programs executed by cron.
Procedure:

    # more <cron job file>

Determine if the file is group-writable or world-writable.
Procedure:

    # ls -la <cron program file>

If cron executes group-writable or world-writable files, this is a finding.
Fix Text
Remove the world-writable and group-writable permissions from the cron program file(s) identified.

    # chmod go-w <cron program file>
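The manual check above can be scripted. The following is an added example, not part of the STIG text: the function names are hypothetical, the crontab directory defaults to the one named in the Check Content, and only the first word of each cron command is examined (entries that run a program through an interpreter or a shell pipeline still need manual review).

```shell
#!/bin/sh
# Added example: automates the GEN003000 check. Function names are
# hypothetical; the default directory is the one from the Check Content.

# Print "crontab: program (mode)" for each group- or world-writable program.
# Only the first word of a cron command is examined, and only when it is an
# absolute path to a regular file.
find_writable_cron_programs() {
    cron_dir=${1:-/var/spool/cron/crontabs}
    for tab in "$cron_dir"/*; do
        [ -f "$tab" ] || continue
        # Skip comment lines; field 6 is the command after the 5 time fields.
        awk '!/^[ \t]*#/ && NF >= 6 { print $6 }' "$tab" | sort -u |
        while read -r prog; do
            case "$prog" in /*) ;; *) continue ;; esac
            [ -f "$prog" ] || continue
            # -L follows symlinks so the mode of the real target is checked.
            mode=$(ls -ldL "$prog" | awk '{ print $1 }')
            # Mode string: character 6 is group write, character 9 is
            # world write (e.g. -rwxrwxr-x has "w" at position 6).
            case "$mode" in
                ?????w*|????????w*) echo "$tab: $prog ($mode)" ;;
            esac
        done
    done
    return 0
}

# Returns 1 (a finding) if any program is flagged, 0 otherwise.
audit_cron_programs() {
    findings=$(find_writable_cron_programs "$1")
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

# Usage (as root): audit_cron_programs || echo "GEN003000: finding"
```

Each flagged path is a candidate for the `chmod go-w` fix in the Fix Text.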
Additional Identifiers
Rule ID: SV-227741r603266_rule
Vulnerability ID: V-227741
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |