STIGQter STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: Crontab files must be group-owned by root, cron, or the crontab creators primary group.

DISA Rule

SV-64399r1_rule

Vulnerability Number

V-22385

Group Title

GEN003050

Rule Version

GEN003050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group owner of the crontab file to root, cron, or the crontab's primary group.

Procedure:
# chgrp root [crontab file]

Check Contents

Check the group ownership of the crontab files.
Procedure:

# ls -lL /var/spool/cron

# ls -lL /etc/cron.d /etc/crontab /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly
or
# ls -lL /etc/cron*|grep -v deny

If the group owner is not root or the crontab owner's primary group, this is a finding.

Vulnerability Number

V-22385

Documentable

False

Rule Version

GEN003050

Severity Override Guidance

Check the group ownership of the crontab files.
Procedure:

# ls -lL /var/spool/cron

# ls -lL /etc/cron.d /etc/crontab /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly
or
# ls -lL /etc/cron*|grep -v deny

If the group owner is not root or the crontab owner's primary group, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments