The at.deny file must not be empty if it exists.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| GEN003300-ESXI5-PNF | GEN003300-ESXI5-PNF | GEN003300-ESXI5-PNF_rule | Medium |
| Description |
|---|
| On some systems, if there is no at.allow file and there is an empty at.deny file, then the system assumes that everyone has permission to use the "at" facility. This could create an insecure setting in the case of malicious users or system intruders. Applicable, but permanent not-a-finding - No "at" command. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-GEN003300-ESXI5-PNF_chk ) |
|---|
| ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding. |
| Fix Text (F-GEN003300-ESXI5-PNF_fix) |
|---|
| This requirement is permanent not a finding. No fix is required. |