How to block access to crontab with a cpcksh EAC policy

Document ID:7024843
Creation Date:28-Sep-2020
Modified Date:09-Apr-2021
- Micro Focus Products:
  Privileged Account Manager (Privileged User Manager)

Environment

Privileged Account Manager 3.7

Situation

How to block access to crontab with a cpcksh Enhanced Access Control (EAC) policy

Resolution

The following Enhanced Access Control policy could be used to block access to crontab with an associated audited command risk:

path /**/crontab !all:log=3
path /etc/cron.(d|daily|hourly|monthly|weekly)/** !all:log=3

For more details relating to cpcksh or EAC policies, please refer to the Administration Guide > Privileged Access to UNIX and Linux > Enhanced Access Control.