GEN003140 - Cron and crontab directories must be group-owned by root, sys, bin or cron - '/etc/cron.daily'

Information

To protect the integrity of scheduled system jobs and to prevent malicious modification to these jobs, crontab files must be secured. Failure to give group-ownership of cron or crontab directories to a system group provides the designated group and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.

Solution

Change the group owner of cron and crontab directories.

# chgrp root <crontab directory>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6, 800-53|CM-5(6), CAT|II, CCI|CCI-000225, CCI|CCI-001499, Rule-ID|SV-218442r603259_rule, STIG-ID|GEN003140, STIG-Legacy|SV-64305, STIG-Legacy|V-981, Vuln-ID|V-218442

Plugin: Unix

Control ID: d9b077183b2bf72a9332e49b9e13fcfb16b129fd264b812b6412b00feefeb8ee