5.1.3 Ensure permissions on /etc/cron.hourly are configured

Information

This directory contains system cron jobs that need to run on an hourly basis. The files in
this directory cannot be manipulated by the crontab command, but are instead edited by
system administrators using a text editor. The commands below restrict read/write and
search access to user and group root, preventing regular users from accessing this
directory.

Rationale:

Granting write access to this directory for non-privileged users could provide them the
means for gaining unauthorized elevated privileges. Granting read access to this directory
could give an unprivileged user insight in how to gain elevated privileges or circumvent
auditing controls.

Solution

Run the following commands to set ownership and permissions on /etc/cron.hourly :

# chown root:root /etc/cron.hourly
# chmod og-rwx /etc/cron.hourly

See Also

https://workbench.cisecurity.org/files/2420