Verify Group Who Owns /etc/cron.allow file
An XCCDF Rule
Description
If /etc/cron.allow
exists, it must be group-owned by root
.
To properly set the group owner of /etc/cron.allow
, run the command:
$ sudo chgrp root /etc/cron.allow
Rationale
If the owner of the cron.allow file is not set to root, the possibility exists for an unauthorized user to view or edit sensitive information.
- ID
- xccdf_org.ssgproject.content_rule_file_groupowner_cron_allow
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86829-9
- NIST-800-53-AC-6(1)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then
chgrp 0 /etc/cron.allow
else