Verify Permissions on cron.d
An XCCDF Rule
Description
To properly set the permissions of /etc/cron.d
, run the command:
$ sudo chmod 0700 /etc/cron.d
Rationale
Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the correct access rights to prevent unauthorized changes.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_cron_d
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
find -H /etc/cron.d/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d -exec chmod u-s,g-xwrs,o-xwrt {} \;
else
Remediation - Ansible
- name: Find /etc/cron.d/ file(s)
command: 'find -H /etc/cron.d/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d '
register: files_found
changed_when: false
failed_when: false
check_mode: false