======5.1.2 Ensure permissions on /etc/crontab are configured (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The ''/etc/crontab'' file is used by ''cron'' to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

=====Rationale=====
This file contains information on what system jobs are run by cron. Write access to these files could provide unprivileged users with the ability to elevate their privileges. Read access to these files could provide users with the ability to gain insight on system jobs that run on the system and could provide them a way to gain unauthorized privileged access.

=====Audit===== 
Run the following command and verify ''Uid'' and ''Gid'' are both ''0/root'' and ''Access'' does not grant permissions to ''group'' or ''other'':
<Code:bash>
# stat /etc/crontab 
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
</Code>

=====Remediation===== 
Run the following commands to set ownership and permissions on ''/etc/crontab'':
<Code:bash>
# chown root:root /etc/crontab 
# chmod og-rwx /etc/crontab
</Code>