Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes the defaults of the cronjob-files from 644 to 600 #75

Merged
merged 1 commit into from
Jan 13, 2020
Merged

Changes the defaults of the cronjob-files from 644 to 600 #75

merged 1 commit into from
Jan 13, 2020

Conversation

ralfbosz
Copy link
Contributor

@ralfbosz ralfbosz commented Oct 7, 2019

In order to comply with CIS Benchmark Requirements
(#65) the file-mode of all files has been changed
from 644 to 600. The files should only be readable
by root. For CIS-benchmark see:
https://www.cisecurity.org/cis-benchmarks/

Pull Request (PR) description

This Pull Request (PR) fixes the following issues

@ralfbosz
Changes the defaults of the cronjob-files
e0e0638 
In order to comply with CIS Benchmark Requirements
(voxpupuli#65) the file-mode of all files has been changed
from 644 to 600. The files should only be readable
by root. For CIS-benchmark see:
https://www.cisecurity.org/cis-benchmarks/
@ralfbosz
Copy link
Contributor Author

ralfbosz commented Oct 7, 2019

The PDF can be downloaded from the URL which is in the commit, since it requires registration I can't attach it to this commit.

The reason for limiting the mode from the PDF:

" Read access to these files could provide users with the ability to gain insight on system jobs that
run on the system and could provide them a way to gain unauthorized privileged access."

igalic
igalic approved these changes Oct 7, 2019
View reviewed changes
Copy link
Contributor

@igalic igalic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@bastelfreak bastelfreak changed the title Changes the defaults of the cronjob-files Changes the defaults of the cronjob-files from 644 to 600 Jan 13, 2020
@bastelfreak bastelfreak added the enhancement New feature or request label Jan 13, 2020
@bastelfreak bastelfreak merged commit 9d464ef into voxpupuli:master Jan 13, 2020
@kenyon kenyon mentioned this pull request Mar 20, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igalic igalic igalic approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ralfbosz @igalic @bastelfreak