UCF STIG Viewer Logo

The "at" directory must be group-owned by root, bin, sys, or cron.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22396 GEN003430 SV-37529r1_rule ECLP-1 Medium
Description
If the group of the "at" directory is not root, bin, sys, or cron, unauthorized users could be allowed to view or edit files containing sensitive information within the directory.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-36188r1_chk )
Check the group ownership of the file.

Procedure:
# ls -lL /var/spool/at

If the file is not group-owned by root, bin, sys, daemon or cron, this is a finding.
Fix Text (F-31443r1_fix)
Change the group ownership of the file to root, bin, sys, daemon or cron.

Procedure:
# chgrp <"at" directory>