Verify Owner on cron.deny
An XCCDF Rule
Description
To properly set the owner of /etc/cron.deny
, run the command:
$ sudo chown root /etc/cron.deny
Rationale
Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the correct user to prevent unauthorized changes.
- ID
- xccdf_org.ssgproject.content_rule_file_owner_cron_deny
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Test for existence /etc/cron.deny
stat:
path: /etc/cron.deny
register: file_exists
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
chown 0 /etc/cron.deny
else