UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to the "at" utility must be controlled via the at.allow and/or at.deny file(s).


Overview

Finding ID Version Rule ID IA Controls Severity
V-984 GEN003280 SV-37512r2_rule ECLP-1 Medium
Description
The "at" facility selectively allows users to execute jobs at deferred times. It is usually used for one-time jobs. The at.allow file selectively allows access to the "at" facility. If there is no at.allow file, there is no ready documentation of who is allowed to submit "at" jobs.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2015-03-12

Details

Check Text ( C-36168r2_chk )
If the "at" package is not installed, this is not applicable.

Check for the existence of at.allow and at.deny files.
# ls -lL /etc/at.allow
# ls -lL /etc/at.deny
If neither file exists, this is a finding.
Fix Text (F-31419r1_fix)
Create at.allow and/or at.deny files containing appropriate lists of users to be allowed or denied access to the "at" daemon.