SV-227757r603266_rule
V-227757
SRG-OS-000312
GEN003220
CAT III
10
Edit cron script files and modify the umask to 077.
Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.
# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>
If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.
Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.
V-227757
False
GEN003220
Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.
# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>
If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.
Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.
M
4061