Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91609 | AIX7-00-001033 | SV-101707r1_rule | Medium |
Description |
---|
To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2020-02-24 |
Check Text ( C-90763r1_chk ) |
---|
Check the "cron.allow" and "cron.deny" files for the system using commands: # more /var/adm/cron/cron.allow # more /var/adm/cron/cron.deny If the "cron.allow" file exists and is empty, this is a finding. If a default system account (such as bin, sys, adm, or lpd) is listed in the "cron.allow" file, or not listed in the "cron.deny" file, this is a finding. |
Fix Text (F-97807r1_fix) |
---|
Remove default system accounts (such as bin, sys, adm, or lpd) from the "cron.allow" file, or add those accounts to the "cron.deny" file. |