3.2.6 Adding authorised users in cron.allow

Information

The /var/adm/cron/cron.allow file defines which users on the system are able to schedule jobs via cron.

Rationale:

The /var/adm/cron/cron.allow file defines which users are able to schedule jobs via cron. Review the current cron files and add any relevant users to the /var/adm/cron/cron.allow file.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review the current cron files:

ls -l /var/spool/cron/crontabs/
cat /var/spool/cron/crontabs/*

NOTE: Review the list of cron schedules and remove any files which should not be there, or have no content.
Add the recommended system users to the cron.allow list:

echo 'sys' >> /var/adm/cron/cron.allow
echo 'adm' >> /var/adm/cron/cron.allow

Add any other users who require permissions to use the cron scheduler:

echo <user> >> /var/adm/cron/cron.allow

NOTE: Where <user> is the username.

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(2), 800-53|AC-6(5), CSCv7|4.3

Plugin: Unix

Control ID: 9f2eebb8f7e541828540b43dcc1f8a5a476af01bf5bae7c8f56572026aa3b5f6