STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

Unauthorized use of the at or cron capabilities must not be permitted.

DISA Rule

SV-216123r603268_rule

Vulnerability Number

V-216123

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-040420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Modify the cron configuration files.

# mv /etc/cron.d/cron.deny /etc/cron.d/cron.deny.temp
# mv /etc/cron.d/at.deny /etc/cron.d/at.deny.temp

Skip the remaining steps only if using the “solaris.jobs.user” RBAC role.

# echo root > /etc/cron.d/cron.allow
# cp /dev/null /etc/cron.d/at.allow
# chown root:root /etc/cron.d/cron.allow /etc/cron.d/at.allow
# chmod 400 /etc/cron.d/cron.allow /etc/cron.d/at.allow

Check Contents

Check that "at" and "cron" users are configured correctly.

# ls /etc/cron.d/cron.deny

If cron.deny exists, this is a finding.

# ls /etc/cron.d/at.deny

If at.deny exists, this is a finding.

# cat /etc/cron.d/cron.allow

cron.allow should have a single entry for "root", or the cron.allow file is removed if using RBAC.

If any accounts other than root are listed and they are not properly documented with the IA staff, this is a finding.

# wc -l /etc/cron.d/at.allow | awk '{ print $1 }'

The output should be zero, or the at.allow file is removed if using RBAC. If the output is non-zero, this is a finding.
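
The check steps above combined into one POSIX sh audit function, as an added example that is not part of the STIG or of STIGQter. The directory argument, the RBAC flag, the function names and the sample files are assumptions constructed for this example; treating a missing .allow file without RBAC as a finding is this example's reading of the check, and at.allow is tested with -s rather than wc -l so that an entry without a trailing newline is still flagged.

```shell
# audit_at_cron DIR [RBAC]: print one line per finding, return the finding count.
# DIR (default /etc/cron.d) and RBAC (yes = solaris.jobs.user is used, so the
# *.allow files may be absent) are assumptions of this example, not STIG text.
report() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_at_cron() {
    dir=${1:-/etc/cron.d}; rbac=${2:-no}; findings=0
    # cron.deny and at.deny must not exist.
    for f in cron.deny at.deny; do
        if [ -e "$dir/$f" ]; then report "$dir/$f exists"; fi
    done
    # cron.allow: a single "root" entry, or absent when RBAC is used.
    if [ -f "$dir/cron.allow" ]; then
        # Blank lines are ignored; any other name needs IA documentation.
        extra=$(grep -v '^[[:space:]]*$' "$dir/cron.allow" | grep -vx root | tr '\n' ' ')
        if [ -n "$extra" ]; then report "cron.allow lists non-root accounts: $extra"; fi
        grep -qx root "$dir/cron.allow" || report "cron.allow has no root entry"
    elif [ "$rbac" != yes ]; then
        report "cron.allow is missing and RBAC is not in use"
    fi
    # at.allow: empty, or absent when RBAC is used. -s is stricter than wc -l:
    # it also flags an entry that has no trailing newline.
    if [ -s "$dir/at.allow" ]; then
        report "at.allow is not empty"
    elif [ ! -e "$dir/at.allow" ] && [ "$rbac" != yes ]; then
        report "at.allow is missing and RBAC is not in use"
    fi
    return "$findings"
}

# Constructed sample directories: "bad" violates three checks, "good" none.
make_sample() {
    d=$(mktemp -d) || return 1
    if [ "$1" = bad ]; then
        : > "$d/cron.deny"
        printf 'root\nalice\n' > "$d/cron.allow"
        printf 'bob' > "$d/at.allow"    # no newline, so wc -l would print 0
    else
        echo root > "$d/cron.allow"
        cp /dev/null "$d/at.allow"
    fi
    echo "$d"
}

# Demo run on the constructed samples.
for kind in bad good; do
    s=$(make_sample "$kind"); n=0
    audit_at_cron "$s" || n=$?
    echo "$kind: $n finding(s)"; rm -rf "$s"
done
```
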

Documentable

False

Check Content Reference

M

Target Key

4021

Comments