6.7 Services - crontab access is root only

Information

This change creates a cron.allow file with a root user entry and removes the cron.deny file, if it exists.

Rationale:

This ensures that only the root user has the ability to create a crontab. A hacker may exploit use of the crontab to execute programs or processes automatically. Limiting access to the root account only reduces this risk.

Solution

Create the /var/adm/cron/cron.allow file and remove /var/adm/cron/cron.deny (if it exists):

print 'root
adm' > /var/adm/cron/cron.allow

rm /var/adm/cron/cron.deny

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16

Plugin: Unix

Control ID: 59c1e019d512481a192ef9a2d52e51164f5fa8a9482cd1cf0397f91443e34a8d