Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-215192 | AIX7-00-001033 | SV-215192r508663_rule | Medium |
Description |
---|
To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2023-02-13 |
Check Text ( C-16390r294027_chk ) |
---|
Check the "cron.allow" and "cron.deny" files for the system using commands: # more /var/adm/cron/cron.allow # more /var/adm/cron/cron.deny If the "cron.allow" file exists and is empty, this is a finding. If a default system account (such as bin, sys, adm, or lpd) is listed in the "cron.allow" file, or not listed in the "cron.deny" file, this is a finding. |
Fix Text (F-16388r294028_fix) |
---|
Remove default system accounts (such as bin, sys, adm, or lpd) from the "cron.allow" file, or add those accounts to the "cron.deny" file. |