Profile Applicability:
• Level 1
Description:
The /etc/cron.d directory contains system-wide cron job files. Proper permissions on this directory prevent unauthorized users from adding, modifying, or executing scheduled tasks, helping to maintain system security and integrity.
Rationale:
Restricting access to /etc/cron.d reduces the risk of unauthorized or malicious cron jobs being executed, protecting the system from potential compromise.
Impact:
Pros:
Prevents unauthorized modification of system cron jobs.
Helps maintain system stability and security.
Cons:
Overly restrictive permissions may interfere with legitimate system processes.
Default Value:
Permissions may vary depending on the distribution but should be checked and corrected if necessary.
Pre-requisites:
Root or sudo privileges to modify directory permissions.
Remediation:
Test Plan:
Using Linux command line:
1. Check current permissions on /etc/cron.d:
ls -ld /etc/cron.d
2. Verify ownership and permission settings.
Implementation Plan:
Using Linux command line:
1. Set ownership to root and restrict permissions, for example
chown root:root /etc/cron.d chmod 700 /etc/cron.d
2. Verify updated permissions:
ls -ld /etc/cron.d
Backout Plan:
Using Linux command line:
1. Restore previous ownership and permissions if necessary:
chown <previous_owner>:<previous_group> /etc/cron.d chmod <previous_permissions> /etc/cron.d
2. Verify restoration.
References:
CIS Amazon Linux 2 Benchmark v3.0.0 — https://www.cisecurity.org/benchmark/amazon_linux/
Linux chmod Manual — https://man7.org/linux/man-pages/man1/chmod.1.html
NIST SP 800-53 Revision 5 - CM-5 Configuration Management — https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final