{"description": "\nTo properly set the permissions of <code>/etc/cron.hourly</code>, run the command:\n<pre>$ sudo chmod 0700 /etc/cron.hourly</pre>", "rationale": "Service configuration files enable or disable features of their respective services that if configured incorrectly\ncan lead to insecure and vulnerable configurations. Therefore, service configuration files should have the\ncorrect access rights to prevent unauthorized changes.", "severity": "medium", "references": {"cis-csc": ["12", "13", "14", "15", "16", "18", "3", "5"], "cobit5": ["APO01.06", "DSS05.04", "DSS05.07", "DSS06.02"], "isa-62443-2009": ["4.3.3.7.3"], "isa-62443-2013": ["SR 2.1", "SR 5.2"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)", "AC-6(1)"], "nist-csf": ["PR.AC-4", "PR.DS-5"], "srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["2.4.1.3"], "pcidss4": ["2.2.6", "2.2"]}, "control_references": {"cis": ["2.4.1.3"], "pcidss4": ["2.2.6", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "/etc/cron.hourly does not have unix mode -rwx------", "ocil": "To check the permissions of <code>/etc/cron.hourly</code>,\nrun the command:\n<pre>$ ls -l /etc/cron.hourly</pre>\nIf properly configured, the output should indicate the following permissions:\n<code>-rwx------</code>", "oval_external_content": null, "fixtext": " Change the permissions of the directory \"/etc/cron.hourly/\" to \"0700\" by running the following command:\n$ sudo chmod 0700 /etc/cron.hourly/", "checktext": "", "vuldiscussion": "", "srg_requirement": " The Ubuntu 22.04 /etc/cron.hourly directory must have mode 0700 or less permissive.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 Must Be Configured In Accordance With The Security Configuration Settings Based On Dod Security Configuration Or Implementation Guidance, Including Stigs, Nsa Configuration Guides, Ctos, And Dtms.", "vuldiscussion": "Service configuration files enable or disable features of their respective services that if configured incorrectly\ncan lead to insecure and vulnerable configurations. Therefore, service configuration files should have the\ncorrect access rights to prevent unauthorized changes.", "checktext": "To check the permissions of  /etc/cron.hourly ,\nrun the command:\n $ ls -l /etc/cron.hourly\nIf properly configured, the output should indicate the following permissions:\n -rwx------\n\nIf /etc/cron.hourly does not have unix mode -rwx------, then this is a finding."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify Permissions on cron.hourly", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml", "template": {"name": "file_permissions", "vars": {"filepath": "/etc/cron.hourly/", "filemode": "0700"}, "backends": {}}}