GEN003060 - Default system accounts must not be in the cron.allow file or must be in cron.deny - 'sshd'

Information

To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab.

Solution

Remove default system accounts (such as bin, sys, adm, or others) from the cron.allow file if it exists, or add those accounts to the cron.deny file.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-11995, Rule-ID|SV-27336r1_rule, STIG-ID|GEN003060, Vuln-ID|V-11995

Plugin: Unix

Control ID: 5498b92724fe29f4647956a0d8f7848c6f65785c95baa985a4d3b800b227f90c