highfilesystemverified ✓rollback-safe
Set permissions on cron directories and files
cron-permissions · RHEL ≥ 8 · 1 impl
Description
The /etc/crontab file and cron directories (/etc/cron.d, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly) must have restrictive permissions to prevent unauthorized modification of scheduled tasks.
Rationale
Cron jobs run with the privileges specified in the crontab or as root for system cron directories. Unauthorized modification of these files could allow privilege escalation or persistent backdoor access.
Check → Remediate
Checkcomposed · 6 sub-checks (all must pass)
- 1. file_permission:
- path=/etc/crontab mode=0600 owner=root group=root
- 2. file_permission:
- path=/etc/cron.d mode=0700 owner=root group=root
- 3. file_permission:
- path=/etc/cron.hourly mode=0700 owner=root group=root
- 4. file_permission:
- path=/etc/cron.daily mode=0700 owner=root group=root
- 5. file_permission:
- path=/etc/cron.weekly mode=0700 owner=root group=root
- 6. file_permission:
- path=/etc/cron.monthly mode=0700 owner=root group=root
Remediatefile_permissions
- path:
- /etc/crontab
- mode:
- 0600
- owner:
- root
- group:
- root
Framework references
CIS
rhel9 2.4.1.2rhel8 2.4.1.2rhel10 2.4.1.2
NIST 800-53
AC-6CM-6
Live verification
rhel10:checkrhel8:checkrhel9:check
#cron#permissions#security#hardening