Profile Applicability:
• Level 1
Description:
The /etc/cron.daily directory contains scripts scheduled to run daily. Proper permissions on this directory prevent unauthorized users from adding, modifying, or executing scripts, which helps maintain system security and integrity.
Rationale:
Restricting access to /etc/cron.daily reduces the risk of unauthorized or malicious cron jobs being executed, protecting the system from potential compromise.
Impact:
Pros:
Prevents unauthorized modification of scheduled daily tasks.
Helps maintain system stability and security.
Cons:
Overly restrictive permissions may prevent legitimate updates.
Default Value:
Permissions may vary depending on the distribution but should be checked and corrected if necessary.
Pre-requisites:
Root or sudo privileges to modify directory permissions.
Remediation:
Test Plan:
Using Linux command line:
1. Check current permissions on /etc/cron.daily:
ls -ld /etc/cron.daily
2. Verify ownership and permission settings.
Implementation Plan:
Using Linux command line:
1. Set ownership to root and restrict permissions, for example:
chown root:root /etc/cron.daily chmod 700 /etc/cron.daily
2. Verify updated permissions:
ls -ld /etc/cron.daily
Backout Plan:
Using Linux command line:
1. Restore previous ownership and permissions if necessary:
chown <previous_owner>:<previous_group> /etc/cron.daily chmod <previous_permissions> /etc/cron.daily
2. Verify restoration.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux chmod Manual