STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Cron must not execute group-writable or world-writable programs.

DISA Rule

SV-227741r603266_rule

Vulnerability Number

V-227741

Group Title

SRG-OS-000480

Rule Version

GEN003000

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the world-writable and group-writable permissions from the cron program file(s) identified.
# chmod go-w <cron program file>

Check Contents

List all cronjobs on the system.
Procedure:
# ls /var/spool/cron/crontabs/

If cron jobs exist under any of the above directories search for programs executed by cron.
Procedure:
# more <cron job file>

Determine if the file is group-writable or world-writable.
Procedure:
# ls -la <cron program file>

If cron executes group-writable or world-writable files, this is a finding.

Vulnerability Number

V-227741

Documentable

False

Rule Version

GEN003000

Severity Override Guidance

List all cronjobs on the system.
Procedure:
# ls /var/spool/cron/crontabs/

If cron jobs exist under any of the above directories search for programs executed by cron.
Procedure:
# more <cron job file>

Determine if the file is group-writable or world-writable.
Procedure:
# ls -la <cron program file>

If cron executes group-writable or world-writable files, this is a finding.

Check Content Reference

M

Target Key

4061

Comments