Cron logging must be implemented.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-982	GEN003160	SV-27352r2_rule		Medium

Description
Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2017-03-01

Details

Check Text ( C-28494r2_chk )
Depending on what system is used for log processing either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file. # grep cron /etc/syslog.conf Or: # grep cron /etc/rsyslog.conf If cron logging is not configured, this is a finding. Check the configured cron log file found in the cron entry of /etc/syslog.conf or /etc/rsyslog.conf (normally /var/log/cron). # ls -lL /var/log/cron If this file does not exist, or is older than the last cron job, this is a finding.

Check Text ( C-28494r2_chk )

Depending on what system is used for log processing either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file.
# grep cron /etc/syslog.conf
Or:
# grep cron /etc/rsyslog.conf
If cron logging is not configured, this is a finding.

Check the configured cron log file found in the cron entry of /etc/syslog.conf or /etc/rsyslog.conf (normally /var/log/cron).
# ls -lL /var/log/cron

If this file does not exist, or is older than the last cron job, this is a finding.

Fix Text (F-31389r2_fix)
Edit /etc/syslog.conf or /etc/rsyslog.conf and setup cron logging