GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'daemon' - at.deny

Information

Default accounts, such as bin, sys, adm, uucp, daemon, and others, should never have access to the at facility. This would create a possible vulnerability open to intruders or malicious users.

Solution

Remove the default accounts (such as bin, sys, adm, and others) from the at.allow file.

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-27385r1_rule, STIG-ID|GEN003320, Vuln-ID|V-986

Plugin: Unix

Control ID: c9c5ec3d70a31fa4cdd07aed6300f35baba456ad62d0d4bc12bb8472398af577