Enable cron Service
An XCCDF Rule
Description
The crond
service is used to execute commands at
preconfigured times. It is required by almost all systems to perform necessary
maintenance tasks, such as notifying root of system activity.
The cron
service can be enabled with the following command:
$ sudo systemctl enable cron.service
Rationale
Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.
- ID
- xccdf_org.ssgproject.content_rule_service_cron_enabled
- Severity
- Medium
- References
- Updated
Remediation - Puppet
include enable_cron
class enable_cron {
service {'cron':
enable => true,
ensure => 'running',
Remediation - OS Build Blueprint
[customizations.services]
enabled = ["cron"]
Remediation - Ansible
- name: Enable service cron
block:
- name: Gather the package facts
package_facts:
manager: auto
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'cron.service'
"$SYSTEMCTL_EXEC" start 'cron.service'