← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-982

CAT II (Medium)

Cron logging must be implemented.

Rule ID

SV-45615r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000126

Discussion

Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.

Check Content

By default, rsyslog includes configuration files found in the /etc/rsyslog.d directory.  Check for the include directive” $IncludeConfig /etc/rsyslog.d/*.conf” in /etc/rsyslog.conf and then for the cron log configuration file.
# grep rsyslog.d /etc/rsyslog.conf
# grep cron /etc/rsyslog.d/*.conf

OR

# grep cron /etc/rsyslog.conf
If cron logging is not configured, this is a finding.

Check the configured cron log file found in the cron entry of /etc/syslog (normally /var/log/cron).
# ls -lL /var/log/cron

If this file does not exist, or is older than the last cron job, this is a finding.

Fix Text

Edit or create /etc/rsyslog.d/cron.conf and setup cron logging.