GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'ipsec'

Information

Default accounts, such as bin, sys, adm, uucp, daemon, and others, should never have access to the at facility. This would create a possible vulnerability open to intruders or malicious users.

Solution

Remove the default accounts (such as bin, sys, adm, and others) from the at.allow file.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-986, Rule-ID|SV-27385r1_rule, STIG-ID|GEN003320, Vuln-ID|V-986

Plugin: Unix

Control ID: 349e989e23c8b276cc51d475e9dbb1a42259228b94265fc58dc92f333139f3de