iCompaas Support

Profile Applicability:
 • Level 1

Description:
 The /etc/cron.daily directory contains scripts scheduled to run daily. Proper permissions on this directory prevent unauthorized users from adding, modifying, or executing scripts, which helps maintain system security and integrity.

Rationale:
 Restricting access to /etc/cron.daily reduces the risk of unauthorized or malicious cron jobs being executed, protecting the system from potential compromise.

Impact:
 Pros:

• Prevents unauthorized modification of scheduled daily tasks.
  

• Helps maintain system stability and security.
  

Cons:

• Overly restrictive permissions may prevent legitimate updates.
  

Default Value:
 Permissions may vary depending on the distribution but should be checked and corrected if necessary.

Pre-requisites:

• Root or sudo privileges to modify directory permissions.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check current permissions on /etc/cron.daily:

ls -ld /etc/cron.daily

2. Verify ownership and permission settings.

Implementation Plan:

Using Linux command line:

1. Set ownership to root and restrict permissions, for example:

chown root:root /etc/cron.daily  
chmod 700 /etc/cron.daily

2. Verify updated permissions:

ls -ld /etc/cron.daily

Backout Plan:

Using Linux command line:

1. Restore previous ownership and permissions if necessary:

chown <previous_owner>:<previous_group> /etc/cron.daily  
chmod <previous_permissions> /etc/cron.daily

2. Verify restoration.

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• Linux chmod Manual
  

• NIST SP 800-53 Revision 5 - CM-5