GEN003270 - The cron.deny file must be group-owned by system, bin, sys, or cron.

Information

Cron daemon control files restrict the scheduling of automated tasks and must be protected. Unauthorized modification of the cron.deny file could result in Denial of Service to authorized cron users or could provide unauthorized users with the ability to run cron jobs.

Solution

Change the group owner of the cron.deny file to sys, system, bin, or cron.

Procedure:
# chgrp cron /var/adm/cron/cron.deny

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22394, Rule-ID|SV-38789r1_rule, STIG-ID|GEN003270, Vuln-ID|V-22394

Plugin: Unix

Control ID: b194cd7cd0897e0e7134d78aefe7bfc8d19a522d290b3680f1934b3b21e83c3f