6.5 Services - at access is root only

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This change creates an at.allow file with a root user entry and removes the at.deny file, if it exists.

Rationale:

This ensures that only the root user has the ability to schedule jobs through the at command. A hacker may exploit use of at to execute programs or processes automatically. Limiting access to the root account only reduces this risk.

Solution

Create the /var/adm/cron/at.allow file and remove /var/adm/cron/at.deny (if it exists):

echo 'root' > /var/adm/cron/at.allow
rm /var/adm/cron/at.deny

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/7851