UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Cron must not execute group-writable or world-writable programs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-976 GEN003000 SV-37384r1_rule DCSL-1 Medium
Description
If cron executes group-writable or world-writable programs, there is a possibility that unauthorized users could manipulate the programs with malicious intent. This could compromise system and network security.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2015-06-12

Details

Check Text ( C-36071r1_chk )
List all cronjobs on the system.
Procedure:

# ls /var/spool/cron

# ls /etc/cron.d /etc/crontab /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly
or
# ls /etc/cron*|grep -v deny

If cron jobs exist under any of the above directories, use the following command to search for programs executed by cron:

# more

Perform a long listing of each program file found in the cron file to determine if the file is group-writable or world-writable.

# ls -la

If cron executes group-writable or world-writable files, this is a finding.
Fix Text (F-31315r1_fix)
Remove the world-writable and group-writable permissions from the cron program file(s) identified.
# chmod go-w