GEN003060 - Default system accounts must GEN003580be included in the cron.deny file - 'sshd'

Information

To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab.

Solution

Remove default system accounts (such as bin, sys, adm, or others) from the cron.allow file if it exists, or add those accounts to the cron.deny file.

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-27336r1_rule, STIG-ID|GEN003060, Vuln-ID|V-11995

Plugin: Unix

Control ID: fba03489ed85a898acbc97e5381603cb7f67c6e77883d786b7bc4aa8ff1d7a01