CRON subsystem access (UNIX)

Module: System Queues

This check reports users that are allowed to use the cron facility. Use the Users/Groups name lists to include or exclude users that are not included or excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for CRON subsystem access

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_CRONGLOBAL Category: Policy Compliance	UNIX (5934)	Title: Global cron usage allowed Description:Your system is set so anyone can use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CRONSUONLY Category: Policy Compliance	UNIX (5935)	Title: Only root can use crontab Description:Your system is set so only the root account can use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CRONALLOW Category: Policy Compliance	UNIX (5936)	Title: Allowed to use crontab Description:This user is allowed to use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CRONDENY Category: Policy Compliance	UNIX (5937)	Title: Denied use of crontab Description:This user is denied use of the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CRONNSUSER Category: Policy Compliance	UNIX (5943)	Title: Non-existent user configured for cron or at Description:This user is listed in one or more of the cron and batch configuration files but do not exist on the system. This can represent a security breach if the named accounts are later recreated and either granted cron or at access without authority or denied cron or at access when they should have authority. You should correct this problem by removing the listed users from the indicated files.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_CRONGLOBAL

Category: Policy Compliance

UNIX (5934)

Title: Global cron usage allowed

Description:Your system is set so anyone can use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CRONSUONLY

Category: Policy Compliance

UNIX (5935)

Title: Only root can use crontab

Description:Your system is set so only the root account can use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CRONALLOW

Category: Policy Compliance

UNIX (5936)

Title: Allowed to use crontab

Description:This user is allowed to use the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CRONDENY

Category: Policy Compliance

UNIX (5937)

Title: Denied use of crontab

Description:This user is denied use of the crontab command. See the man pages for information about the crontab command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CRONNSUSER

Category: Policy Compliance

UNIX (5943)

Title: Non-existent user configured for cron or at

Description:This user is listed in one or more of the cron and batch configuration files but do not exist on the system. This can represent a security breach if the named accounts are later recreated and either granted cron or at access without authority or denied cron or at access when they should have authority. You should correct this problem by removing the listed users from the indicated files.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]