6.6 Adding authorized users in cron.allow

Information

The /var/adm/cron/cron.allow file defines which users on the system are able to schedule jobs via cron.

Rationale:

The /var/adm/cron/cron.allow file defines which users are able to schedule jobs via cron. Review the current cron files and add any relevant users to the /var/adm/cron/cron.allow file.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review the current cron files:

ls -l /var/spool/cron/crontabs/
cat /var/spool/cron/crontabs/*

NOTE: Review the list of cron schedules and remove any files which should not be there, or have no content.
Add the recommended system users to the cron.allow list:

echo 'sys' >> /var/adm/cron/cron.allow
echo 'adm' >> /var/adm/cron/cron.allow

Add any other users who require permissions to use the cron scheduler:

echo <user> >> /var/adm/cron/cron.allow

NOTE: Where <user> is the username.

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(2), 800-53|AC-6(5)

Plugin: Unix

Control ID: d0652667780aaa3a56d28aaabcc5335b8755b4be9ba563d08648476f954df9bf