GEN003050 - Crontab files must be group-owned by root, cron, or the crontab creator's primary group - '/var/spool/cron/*'

Information

To protect the integrity of scheduled system jobs and prevent malicious modification to these jobs, crontab files must be secured.

Solution

Change the group owner of the crontab file to root, cron, or the crontab's primary group.
Procedure:
# chgrp root [crontab file]

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22385, Rule-ID|SV-37400r1_rule, STIG-ID|GEN003050, Vuln-ID|V-22385

Plugin: Unix

Control ID: 030775f03d8c020b3944872e32bbeebb06847440ae05fec4b8d70ea111449a03