GEN003250 - The cron.allow file must be group-owned by system, bin, sys, or cron.

Information

If the group of the cron.allow is not set to system, bin, sys, or cron, the possibility exists for an unauthorized user to view or edit the list of users permitted to use cron. Unauthorized modification of this file could cause Denial of Service to authorized cron users or provide unauthorized users with the ability to run cron jobs.

Solution

Change the group owner of the cron.allow file to bin, sys, system, or cron.
Procedure:
# chgrp cron /var/adm/cron/cron.allow

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22391, Rule-ID|SV-39346r1_rule, STIG-ID|GEN003250, Vuln-ID|V-22391

Plugin: Unix

Control ID: a0d6cf14458168b473772de45bfc37a04e3bf1de2acd23411e84b8a08ea2abfc