#6 Change permissions to CIS compliant
Closed 4 months ago by opohorel. Opened 5 months ago by opohorel.
rpms/ opohorel/crontabs cis_compliance  into  rawhide

file modified
+2 -2
@@ -33,11 +33,11 @@ 

  

  %install

  rm -rf $RPM_BUILD_ROOT

- mkdir -p $RPM_BUILD_ROOT/etc/cron.{hourly,daily,weekly,monthly}

+ mkdir -pm 700 $RPM_BUILD_ROOT/etc/cron.{hourly,daily,weekly,monthly}

  mkdir -p $RPM_BUILD_ROOT/usr/bin

  mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man4/

  

- install -m644 ./crontab $RPM_BUILD_ROOT/etc/crontab

+ install -m600 ./crontab $RPM_BUILD_ROOT/etc/crontab

  install -m755 ./run-parts $RPM_BUILD_ROOT/usr/bin/run-parts

  install -m644 ./{crontabs,run-parts}.4 $RPM_BUILD_ROOT/%{_mandir}/man4/

  

Several file permissions have to be changed in order to have crontabs
CIS compliant.

Reference for this commit:
static.open-scap.org/ssg-guides/ssg-rhel9-guide-cis.html

This is wrong and should not be merged! There is absolutely no reason to make these files unreadable to others.

Pull-Request has been closed by opohorel

4 months ago
Metadata