GEN003140 - Cron and crontab directories must be group-owned by root, sys, bin or cron - '/etc/cron.monthly'

Information

To protect the integrity of scheduled system jobs and to prevent malicious modification to these jobs, crontab files must be secured. Failure to give group-ownership of cron or crontab directories to a system group provides the designated group and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.

Solution

Change the group owner of cron and crontab directories.
# chgrp root <crontab directory>

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-981, Rule-ID|SV-37476r1_rule, STIG-ID|GEN003140, Vuln-ID|V-981

Plugin: Unix

Control ID: c2b7f0d3a56617e27657f5f3b13de40cf86087d201370d46be32a59d8142514e