1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
documentation_complete: true
title: 'Verify Group Who Owns Crontab'
description: |-
{{{ describe_file_group_owner(file="/etc/crontab", group="root") }}}
rationale: |-
Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the
correct group to prevent unauthorized changes.
severity: medium
identifiers:
cce@rhel8: CCE-82223-9
cce@rhel9: CCE-84171-8
cce@rhel10: CCE-89062-4
cce@sle12: CCE-92264-1
cce@sle15: CCE-91380-6
references:
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 5.1.2
cis@sle15: 5.1.2
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
isa-62443-2009: 4.3.3.7.3
isa-62443-2013: 'SR 2.1,SR 5.2'
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/crontab", group="root") }}}'
ocil: |-
{{{ ocil_file_group_owner(file="/etc/crontab", group="root") }}}
fixtext: '{{{ fixtext_file_group_owner(file="/etc/crontab", group="root") }}}'
srg_requirement: '{{{ srg_requirement_file_group_owner(file="/etc/crontab", group="root") }}}'
template:
name: file_groupowner
vars:
filepath: /etc/crontab
gid_or_name: '0'
|
