STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215192

CAT II (Medium)

AIX default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist.

Rule ID

SV-215192r991589_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

To centralize the management of privileged account crontabs, of the default system accounts, only root may have a crontab.

Check Content

Check the "cron.allow" and "cron.deny" files for the system using commands:
# more /var/adm/cron/cron.allow 
# more /var/adm/cron/cron.deny 

If the "cron.allow" file exists and is empty, this is a finding.

If a default system account (such as bin, sys, adm, or lpd) is listed in the "cron.allow" file, or not listed in the "cron.deny" file, this is a finding.

Fix Text

Remove default system accounts (such as bin, sys, adm, or lpd) from the "cron.allow" file, or add those accounts to the "cron.deny" file.