6.9 Restrict at/cron To Authorized Users - should pass if /etc/cron.d/cron.allow permissions are OK.

Information

The cron.allow and at.allow files are a list of users who are allowed to run the crontab and at commands to submit jobs to be run at scheduled intervals.

Solution

Perform the following to implement the recommended state-
cd /etc/cron.d
mv cron.deny cron.deny.cis
mv at.deny at.deny.cis
echo root > cron.allow
cp /dev/null at.allow
chown root:root cron.allow at.allow
chmod 400 cron.allow at.allow

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CSCv6|3.1

Plugin: Unix

Control ID: 6434640f5584d360d49d1564a15f9babd95771f711f96149815b4dbc000fc543