Skip to content

Enable cron Service

An XCCDF Rule

Description

The crond service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system activity. The cron service can be enabled with the following command:

$ sudo systemctl enable cron.service

Rationale

Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.

ID
xccdf_org.ssgproject.content_rule_service_cron_enabled
Severity
Medium
References
Updated



Remediation - Puppet

include enable_cron

class enable_cron {
  service {'cron':
    enable => true,
    ensure => 'running',

Remediation - OS Build Blueprint


[customizations.services]
enabled = ["cron"]

Remediation - Ansible

- name: Enable service cron
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'cron.service'
"$SYSTEMCTL_EXEC" start 'cron.service'