9.1.2 Set User/Group Owner and Permission on /etc/crontab

Information

The /etc/crontab file is used by cron to control its own jobs. The commands in this item
make sure that root is the user and group owner of the file and that only the owner can
access the file.

*Rationale*

This file contains information on what system jobs are run by cron. Write access to these
files could provide unprivileged users with the ability to elevate their privileges. Read
access to these files could provide users with the ability to gain insight on system jobs that
run on the system and could provide them a way to gain unauthorized privileged access.

Solution

# chown root-root /etc/crontab
# chmod og-rwx /etc/crontab

See Also

https://workbench.cisecurity.org/files/91

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: d51bd68cfc5b6e4b0e7062959340285529b29ae548f7021623364b87ec90b065