{"description": "\nTo properly set the owner of <code>/etc/cron.weekly</code>, run the command:\n\n  <pre>$ sudo chown root /etc/cron.weekly </pre>\n  ", "rationale": "Service configuration files enable or disable features of their respective services that if configured incorrectly\ncan lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the\ncorrect user to prevent unauthorized changes.", "severity": "medium", "references": {"cis-csc": ["12", "13", "14", "15", "16", "18", "3", "5"], "cobit5": ["APO01.06", "DSS05.04", "DSS05.07", "DSS06.02"], "isa-62443-2009": ["4.3.3.7.3"], "isa-62443-2013": ["SR 2.1", "SR 5.2"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)", "AC-6(1)"], "nist-csf": ["PR.AC-4", "PR.DS-5"], "srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["2.4.1.5"], "pcidss4": ["2.2.6", "2.2"]}, "control_references": {"cis": ["2.4.1.5"], "pcidss4": ["2.2.6", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "/etc/cron.weekly does not have an owner of root", "ocil": "To check the ownership of <code>/etc/cron.weekly</code>,\nrun the command:\n<pre>$ ls -lL /etc/cron.weekly</pre>\nIf properly configured, the output should indicate the following owner:\n<code>root</code>", "oval_external_content": null, "fixtext": " Change the owner of the directory /etc/cron.weekly/ to root by running the following command:\n$ sudo chown root /etc/cron.weekly/", "checktext": "", "vuldiscussion": "", "srg_requirement": " The Ubuntu 22.04 /etc/cron.weekly directory must be owned by root.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 Must Be Configured In Accordance With The Security Configuration Settings Based On Dod Security Configuration Or Implementation Guidance, Including Stigs, Nsa Configuration Guides, Ctos, And Dtms.", "vuldiscussion": "Service configuration files enable or disable features of their respective services that if configured incorrectly\ncan lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the\ncorrect user to prevent unauthorized changes.", "checktext": "To check the ownership of  /etc/cron.weekly ,\nrun the command:\n $ ls -lL /etc/cron.weekly\nIf properly configured, the output should indicate the following owner:\n root\n\nIf /etc/cron.weekly does not have an owner of root, then this is a finding."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Owner on cron.weekly", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": "/etc/cron.weekly/", "uid_or_name": "0"}, "backends": {}}}