RHEL 9 /etc/crontab file must have mode 0600.

STIG ID: RHEL-09-232265  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257933 | 

Vulnerability Discussion

Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files must have the correct access rights to prevent unauthorized changes.

Check

Verify the permissions of /etc/crontab with the following command:

$ stat -c "%a %n" /etc/crontab

0600

If /etc/crontab does not have a mode of "0600", this is a finding.

Fix

Configure the RHEL 9 file /etc/crontab with mode 600.

$ sudo chmod 0600 /etc/crontab