UCF STIG Viewer Logo

Access to the at utility must be controlled via the at.allow and/or at.deny file(s).


Overview

Finding ID Version Rule ID IA Controls Severity
V-226860 GEN003280 SV-226860r603265_rule Medium
Description
The at facility selectively allows users to execute jobs at deferred times. It is usually used for one-time jobs. The at.allow file selectively allows access to the at facility. If there is no at.allow file, there is no ready documentation of who is allowed to submit at jobs.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-29022r484864_chk )
Check for the existence of at.allow and at.deny files.
# ls -lL /etc/cron.d/at.allow
# ls -lL /etc/cron.d/at.deny
If neither file exists, this is a finding.
Fix Text (F-29010r484865_fix)
Create at.allow and/or at.deny files containing appropriate lists of users to be allowed or denied access to the "at" daemon.