The Red Hat Enterprise Linux operating system must have cron logging implemented.
An XCCDF Rule
Description
<VulnDiscussion>Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-204489r744109_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure "rsyslog" to log all cron messages by adding or updating the following line to "/etc/rsyslog.conf" or a configuration file in the /etc/rsyslog.d/ directory:
cron.* /var/log/cron
The rsyslog daemon must be restarted for the changes to take effect:
$ sudo systemctl restart rsyslog.service