Default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11995 | GEN003060 | SV-38251r1_rule | ECPA-1 | Medium |
| Description |
|---|
| To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-01-27 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-31812r1_fix) |
|---|
| Remove default system accounts (such as bin, sys, adm, or others) from the cron.allow file if it exists, or add those accounts to the cron.deny file. |