
Commit 11e04dd

Merge pull request #150 from dev-sec/cron
add cron permissions hardening
2 parents df6b952 + 559b167 commit 11e04dd


1 file changed

+20
-0
lines changed


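--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -262,3 +262,23 @@
 end
 end
 end
+
+control 'os-13' do
+impact 1.0
+title 'Protect cron directories and files'
+desc 'The cron directories and files should belong to root.'
+
+cron_files = ['/etc/crontab', '/etc/cron.hourly', '/etc/cron.daily', '/etc/cron.weekly', '/etc/cron.monthly', '/etc/cron.d']
+
+cron_files.each do |cron_file|
+next unless file(cron_file).exist?
+
+describe file(cron_file) do
+it { should be_owned_by 'root' }
+it { should_not be_writable.by('group') }
+it { should_not be_writable.by('other') }
+it { should_not be_readable.by('group') }
+it { should_not be_readable.by('other') }
+end
+end
+end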
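Review bot: The `describe file(cron_file)` block in `os-13` asserts the read and write bits for group and other but never the execute bit, so a directory such as `/etc/cron.d` left at mode 0711 would pass even though non-root users could still traverse it and open entries whose names they know, if those entries are themselves readable. Adding `it { should_not be_executable.by('group') }` and `it { should_not be_executable.by('other') }` would close that gap. The loop inspects only the six listed paths, not the files inside the cron directories, so an over-permissive job file is caught only indirectly through the directory mode. The `desc` mentions ownership only; it could also state the permission expectation, for example `desc 'The cron directories and files should belong to root and be inaccessible to group and other.'`.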
