6.5 Services - at access is root only

Information

This change creates an at.allow file with a root user entry and removes the at.deny file, if it exists.

Rationale:

This ensures that only the root user has the ability to schedule jobs through the at command. A hacker may exploit use of at to execute programs or processes automatically. Limiting access to the root account only reduces this risk.

Solution

Create the /var/adm/cron/at.allow file and remove /var/adm/cron/at.deny (if it exists):

echo 'root' > /var/adm/cron/at.allow
rm /var/adm/cron/at.deny

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16

Plugin: Unix

Control ID: 4b544fe0ae96d5e6b6fabf31e77facbde842a6be8f2e70398545bd6191c65f09