
5.1.8 Ensure cron is restricted to authorized users

Audit

Run the following command and verify that /etc/cron.deny does not exist:

# stat /etc/cron.deny
stat: cannot stat `/etc/cron.deny': No such file or directory

Run the following command and verify that, for /etc/cron.allow, Uid and Gid are both 0/root and Access does not grant write or execute to group and does not grant any permissions to other:

# stat /etc/cron.allow
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
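
The two audit checks above can be scripted so they run unattended. The following is an added example, not part of the benchmark text; the function names and the RUN_AUDIT variable are hypothetical, and it assumes GNU stat (coreutils) for the -c format option.

```shell
#!/bin/sh
# Added example: scripted form of the cron.deny / cron.allow audit.
# Paths are passed as arguments so the checks can be tried on test files.

# mode_ok MODE: succeeds when the octal mode (e.g. 640) grants no
# write/execute to group (030) and no permissions to other (007).
mode_ok() {
    [ $(( 0$1 & 037 )) -eq 0 ]
}

# owner_ok UID GID: succeeds when both are 0 (root).
owner_ok() {
    [ "$1" = "0" ] && [ "$2" = "0" ]
}

# audit_cron DENY ALLOW: prints one line per finding and returns the
# number of failed checks (0 means compliant).
audit_cron() {
    deny=$1
    allow=$2
    fails=0
    # cron.deny must not exist (a dangling symlink also counts as present).
    if [ -e "$deny" ] || [ -L "$deny" ]; then
        echo "FAIL: $deny exists"
        fails=$((fails + 1))
    fi
    if [ ! -f "$allow" ]; then
        echo "FAIL: $allow does not exist"
        fails=$((fails + 1))
    else
        # %a = octal mode, %u = numeric uid, %g = numeric gid
        set -- $(stat -c '%a %u %g' "$allow")
        mode_ok "$1" || {
            echo "FAIL: $allow mode $1 is too permissive"
            fails=$((fails + 1))
        }
        owner_ok "$2" "$3" || {
            echo "FAIL: $allow is owned by $2:$3, expected 0:0"
            fails=$((fails + 1))
        }
    fi
    return "$fails"
}

# Run against the real files only when asked (RUN_AUDIT is hypothetical).
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_cron /etc/cron.deny /etc/cron.allow && echo "PASS"
fi
```

Run it as root with RUN_AUDIT=1 set; a non-zero exit status is the number of failed checks.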

Remediation

Run the following command to remove /etc/cron.deny:

# rm /etc/cron.deny

Run the following command to create /etc/cron.allow:

# touch /etc/cron.allow

Run the following commands to set permissions and ownership for /etc/cron.allow:

# chmod g-wx,o-rwx /etc/cron.allow
# chown root:root /etc/cron.allow