{"description": "\nTo properly set the permissions of <code>/etc/cron.d</code>, run the command:\n<pre>$ sudo chmod 0700 /etc/cron.d</pre>", "rationale": "Service configuration files enable or disable features of their respective services that if configured incorrectly\ncan lead to insecure and vulnerable configurations. Therefore, service configuration files should have the\ncorrect access rights to prevent unauthorized changes.", "severity": "medium", "references": {"cis-csc": ["12", "13", "14", "15", "16", "18", "3", "5"], "cobit5": ["APO01.06", "DSS05.04", "DSS05.07", "DSS06.02"], "isa-62443-2009": ["4.3.3.7.3"], "isa-62443-2013": ["SR 2.1", "SR 5.2"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)", "AC-6(1)"], "nist-csf": ["PR.AC-4", "PR.DS-5"], "srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["2.4.1.7"], "pcidss4": ["2.2.6", "2.2"]}, "control_references": {"cis": ["2.4.1.7"], "pcidss4": ["2.2.6", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "/etc/cron.d does not have unix mode -rwx------", "ocil": "To check the permissions of <code>/etc/cron.d</code>,\nrun the command:\n<pre>$ ls -l /etc/cron.d</pre>\nIf properly configured, the output should indicate the following permissions:\n<code>-rwx------</code>", "oval_external_content": null, "fixtext": " Change the permissions of the directory \"/etc/cron.d/\" to \"0600\" by running the following command:\n$ sudo chmod 0600 /etc/cron.d/", "checktext": "", "vuldiscussion": "", "srg_requirement": " The Ubuntu 22.04 /etc/cron.d directory must have mode 0600 or less permissive.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 permissions of cron configuration files and directories must not be modified from the operating system defaults.", "vuldiscussion": "If the permissions of cron configuration files or directories are modified from the operating system defaults, it may be possible for individuals to insert unauthorized cron jobs that perform unauthorized actions, including potentially escalating privileges.", "checktext": "Run the following command to verify that the owner, group, and mode of cron configuration files and directories match the operating system defaults:\n\n$ rpm --verify cronie crontabs | awk '! ($2 == \"c\" && $1 ~ /^.\\..\\.\\.\\.\\..\\./) {print $0}'\n\nIf the command returns any output, this is a finding.", "fixtext": "Run the following commands to restore the permissions of cron configuration files and directories to the operating system defaults:\n\n$ sudo dnf reinstall cronie crontabs\n$ rpm --setugids cronie crontabs\n$ rpm --setperms cronie crontabs"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Permissions on cron.d", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml", "template": {"name": "file_permissions", "vars": {"filepath": "/etc/cron.d/", "filemode": "0700"}, "backends": {}}}