iCompaas Support

Profile Applicability:
 • Level 1

Description:
 The /etc/crontab file contains system-wide cron job schedules. Proper permissions on this file prevent unauthorized modification, which could otherwise lead to the execution of malicious or unintended tasks.

Rationale:
 Restricting permissions on /etc/crontab ensures that only authorized users can modify scheduled tasks, maintaining system integrity and security.

Impact:
 Pros:

• Prevents unauthorized changes to scheduled jobs.
  

• Protects against privilege escalation and persistence attacks.
  

Cons:

• Improper permission settings could block legitimate administrative changes.
  

Default Value:
 Permissions may be overly permissive by default, depending on the distribution.

Pre-requisites:

• Root or sudo privileges to modify file permissions.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check current permissions on /etc/crontab:

ls -l /etc/crontab

2. Verify ownership and permission settings.

Implementation Plan:

Using Linux command line:

1. Set ownership to root and restrict permissions, for example:

chown root:root /etc/crontab  
chmod 600 /etc/crontab

2. Verify updated permissions:

ls -l /etc/crontab

Backout Plan:

Using Linux command line:

1. Restore previous ownership and permissions if necessary:

chown <previous_owner>:<previous_group> /etc/crontab  
chmod <previous_permissions> /etc/crontab

2. Verify restoration.

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• Linux chmod Manual
  

• NIST SP 800-53 Revision 5 - CM-5