Check: PHTN-67-000102
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000102 (in versions v1 r6 through v1 r1)
Title
The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification. (Cat II impact)
Discussion
If cron files and folders are accessible to unauthorized users, malicious jobs may be created.
Check Content
At the command line, execute the following command:

```
# find /etc/cron.d/ /etc/cron.daily/ /etc/cron.hourly/ /etc/cron.monthly/ /etc/cron.weekly/ -xdev -type f -a '(' -perm -002 -o -not -user root -o -not -group root ')' -exec ls -ld {} \;
```

If any files are returned, this is a finding.
Fix Text
At the command line, execute the following commands for each returned file:

```
# chmod o-w <file>
# chown root:root <file>
```
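The check and fix for this rule, wrapped as an added shell example (not part of the STIG text) that labels which condition each file fails and applies the fix only to files that need it. The function names, `CRON_DIRS`, and the `EXPECT_UID`/`EXPECT_GID` overrides are assumptions for illustration; `-uid 0`/`-gid 0` stand in for the check's `-user root`/`-group root`.

```shell
#!/bin/sh
# Added example, not part of the STIG text.
# EXPECT_UID / EXPECT_GID are assumed overrides so the functions can be
# exercised on a scratch tree without root; both default to 0 (root:root).

# Directories covered by the PHTN-67-000102 check.
CRON_DIRS="/etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly"

# Print one "<reason><TAB><path>" line per failed condition.
# Same scope as the STIG check: regular files, no filesystem crossing.
audit_cron_files() {
    want_uid="${EXPECT_UID:-0}"
    want_gid="${EXPECT_GID:-0}"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -perm -002 \
            -exec printf 'world-writable\t%s\n' {} \;
        find "$dir" -xdev -type f ! -uid "$want_uid" \
            -exec printf 'owner-mismatch\t%s\n' {} \;
        find "$dir" -xdev -type f ! -gid "$want_gid" \
            -exec printf 'group-mismatch\t%s\n' {} \;
    done
}

# Apply the Fix Text (chmod o-w, chown root:root) only to files that
# fail the matching condition, leaving compliant files untouched.
remediate_cron_files() {
    want_uid="${EXPECT_UID:-0}"
    want_gid="${EXPECT_GID:-0}"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -perm -002 -exec chmod o-w {} +
        find "$dir" -xdev -type f '(' ! -uid "$want_uid" -o ! -gid "$want_gid" ')' \
            -exec chown "$want_uid:$want_gid" {} +
    done
}

# Usage as root (word splitting of CRON_DIRS is intended):
#   audit_cron_files $CRON_DIRS        # empty output means no finding
#   remediate_cron_files $CRON_DIRS
```

Empty output from `audit_cron_files` corresponds to the check returning no files.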
Additional Identifiers
Rule ID: SV-239173r675327_rule
Vulnerability ID: V-239173
Group Title: SRG-OS-000480-GPOS-00227
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | The organization implements the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |