The at daemon must not execute programs in, or subordinate to, world-writable directories.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-989 | GEN003380 | SV-989r6_rule | DCSL-1 | Medium |
| Description |
|---|
| If at programs are located in, or subordinate, to world-writable directories, they become vulnerable to removal and replacement by malicious users or system intruders. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-802r3_chk ) |
|---|
| List any at jobs on the system. Procedure: # ls /var/spool/cron/atjobs /var/spool/atjobs For each at job, determine which programs are executed by at. Procedure: # more Check the directory containing each program executed by at for world-writable permissions. Procedure: # ls –la If at executes programs in world-writable directories, this is a finding. |
| Fix Text (F-1143r3_fix) |
|---|
| Remove the world-writable permission from directories containing programs executed by at. Procedure: # chmod o-w |