Skip to content

5.1.9 Ensure at is restricted to authorized users

Audit#

Run the following command and verify that /etc/at.deny does not exist: 

# stat /etc/at.deny
stat: cannot stat `/etc/at.deny': No such file or directory

Run the following command and verify Uid and Gid are both 0/root and Access, does not grant write or execute to group, and does not grant permissions to other for/etc/at.allow: 

# stat /etc/at.allow
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)

Remediation#

Run the following commands to remove /etc/at.deny: 

# rm /etc/at.deny

Run the following command to create /etc/at.allow 

# touch /etc/at.allow

Run the following commands to set permissions and ownership for /etc/at.allow: 

# chmod g-wx,o-rwx /etc/at.allow
# chown root:root /etc/at.allow