5.7 Services - crontab access is root only - adm exists in cron.allow

Information

This change creates a cron.allow file with a root user entry and removes the cron.deny file, if it exists.

Rationale:

This ensures that only the root user has the ability to create a crontab. A hacker may exploit use of the crontab to execute programs or processes automatically. Limiting access to the root account only reduces this risk.

Solution

Create the /var/adm/cron/cron.allow file and remove /var/adm/cron/cron.deny (if it exists):

print 'root
adm' > /var/adm/cron/cron.allow

rm /var/adm/cron/cron.deny

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Unix

Control ID: f1dc35ceffcc6228bdde5ad962ef0621fc48a7c9d7e751ab04daeedfbab30d18