3.2.7 Services - crontab access is root only - root exists in cron.allow

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

This change creates a cron.allow file with a root user entry and removes the cron.deny file, if it exists.

Rationale:

This ensures that only the root user has the ability to create a crontab. An attacker may abuse crontab access to execute programs or processes automatically. Limiting access to the root account only reduces this risk.

Solution

Create the /var/adm/cron/cron.allow file and remove /var/adm/cron/cron.deny (if it exists):

print 'root
adm' > /var/adm/cron/cron.allow

rm /var/adm/cron/cron.deny
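
An added check, not part of the original audit or the CIS benchmark: a POSIX shell function that verifies the state the commands above produce. The function name check_cron_access and its two parameters are assumptions for illustration; the defaults are the directory and the two entries used in the commands above.

```shell
#!/bin/sh
# Added example: verify cron.allow / cron.deny after remediation.
# $1 = cron directory (assumed parameter, default /var/adm/cron)
# $2 = space-separated expected entries (assumed parameter, default "root adm")

check_cron_access() {
    cron_dir=${1:-/var/adm/cron}
    allowed=${2:-"root adm"}
    rc=0
    has_root=0

    # cron.deny must be gone once cron.allow is in place.
    if [ -e "$cron_dir/cron.deny" ]; then
        echo "FAIL: $cron_dir/cron.deny exists"
        rc=1
    fi

    # cron.allow must exist as a regular file.
    if [ ! -f "$cron_dir/cron.allow" ]; then
        echo "FAIL: $cron_dir/cron.allow is missing"
        return 1
    fi

    # Every non-blank line must exactly match one expected entry.
    while IFS= read -r user || [ -n "$user" ]; do
        if [ -z "$user" ]; then continue; fi
        if [ "$user" = "root" ]; then has_root=1; fi
        ok=0
        for a in $allowed; do
            if [ "$user" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "FAIL: unexpected entry '$user' in cron.allow"
            rc=1
        fi
    done < "$cron_dir/cron.allow"

    # The root entry itself must be present.
    if [ "$has_root" -eq 0 ]; then
        echo "FAIL: root is not listed in cron.allow"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "PASS: cron.allow contains only: $allowed"; fi
    return "$rc"
}
```

Calling check_cron_access with no arguments checks /var/adm/cron against the entries written above; passing "root" as the second argument enforces the root-only list named in the audit title.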

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/3525