RHEL 9 /etc/crontab file must have mode 0600.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-257933	RHEL-09-232265	SV-257933r991589_rule		Medium

Description

Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files must have the correct access rights to prevent unauthorized changes.

STIG	Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide	2024-12-04

Details

Check Text (C-61674r925784_chk)

Verify the permissions of /etc/crontab with the following command:

$ stat -c "%a %n" /etc/crontab

0600

If /etc/crontab does not have a mode of "0600", this is a finding.

Fix Text (F-61598r925785_fix)

Configure the RHEL 9 file /etc/crontab with mode 600.

$ sudo chmod 0600 /etc/crontab