Cron logging must be implemented.

From Red Hat Enterprise Linux 7 Security Technical Implementation Guide

Part of SRG-OS-000480-GPOS-00227

Associated with: CCI-000366

SV-86675r1_rule Cron logging must be implemented.

Vulnerability discussion

Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.

Check content

Verify that "rsyslog" is configured to log cron events. Check the configuration of "/etc/rsyslog.conf" for the cron facility with the following command: Note: If another logging package is used, substitute the utility configuration file for "/etc/rsyslog.conf". # grep cron /etc/rsyslog.conf cron.* /var/log/cron.log If the command does not return a response, check for cron logging all facilities by inspecting the "/etc/rsyslog.conf" file: # more /etc/rsyslog.conf Look for the following entry: *.* /var/log/messages If "rsyslog" is not logging messages for the cron facility or all facilities, this is a finding. If the entry is in the "/etc/rsyslog.conf" file but is after the entry "*.*", this is a finding.

Fix text

Configure "rsyslog" to log all cron messages by adding or updating the following line to "/etc/rsyslog.conf": cron.* /var/log/cron.log Note: The line must be added before the following entry if it exists in "/etc/rsyslog.conf": *.* ~ # discards everything

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer