Title

Cron must not execute programs in, or subordinate to, world-writable directories. (Cat II impact)

Discussion

If cron programs are located in or subordinate to world-writable directories, they become vulnerable to removal and replacement by malicious users or system intruders.

Check Content

List all cronjobs on the system. Procedure: # ls /var/spool/cron/crontabs/ If cron jobs exist under any of the above directories search for programs executed by cron. Procedure: # more <cron job file> Determine if the directory containing programs executed from cron is world-writable. Procedure: # ls -ld <cron program directory> If cron executes programs in world-writable directories, this is a finding.

Fix Text

Remove the world-writable permission from the cron program directories identified. Procedure: # chmod o-w <cron program directory>

Additional Identifiers

Rule ID: SV-227742r603266_rule

Vulnerability ID: V-227742

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.