Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11995 | GEN003060 | SV-27335r1_rule | ECPA-1 | Medium |
Description |
---|
To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-28471r1_chk ) |
---|
Check the cron.allow and cron.deny files for the system. # more /etc/cron.d/cron.allow # more /etc/cron.d/cron.deny If a default system account (such as bin, sys, adm, or others) is listed in the cron.allow file, or not listed in the cron.deny file if no cron.allow file exists, this is a finding. |
Fix Text (F-11256r2_fix) |
---|
Remove default system accounts (such as bin, sys, adm, or others) from the cron.allow file if it exists, or add those accounts to the cron.deny file. |