@test "Ensure /etc/at.deny is removed" {
  run test -f /etc/at.deny
  [ "$status" -eq 1 ]
}
Ensure /etc/at.deny is removed
Description
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow does not exist, then /etc/cron.deny or /etc/at.deny is checked instead. Any user not specifically listed in those deny files is allowed to use at and cron.
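The precedence described above, written out for at as an added example (not part of the original benchmark text). The function name at_access and its optional root-prefix argument are hypothetical. The example also covers two cases the description does not spell out, both taken from at(1) on Linux: the superuser is always allowed, and when neither file exists only the superuser may use at.

```shell
# Added example: decide whether a user may run at(1), following the
# at.allow / at.deny precedence. The second argument is a hypothetical
# root prefix so the logic can be exercised against a scratch directory.
at_access() {
    user=$1
    root=${2:-}
    allow="$root/etc/at.allow"
    deny="$root/etc/at.deny"

    # The superuser may always use at.
    if [ "$user" = "root" ]; then
        echo "allowed:superuser"
        return 0
    fi

    # at.allow takes precedence: only names listed in it (one per line)
    # are permitted, and at.deny is not consulted at all.
    if [ -f "$allow" ]; then
        if grep -Fxq -- "$user" "$allow"; then
            echo "allowed:at.allow"
            return 0
        fi
        echo "denied:not-in-at.allow"
        return 1
    fi

    # No at.allow: at.deny acts as a deny list, so every user who is
    # not listed (including everyone, if the file is empty) is allowed.
    if [ -f "$deny" ]; then
        if grep -Fxq -- "$user" "$deny"; then
            echo "denied:at.deny"
            return 1
        fi
        echo "allowed:not-in-at.deny"
        return 0
    fi

    # Neither file exists: per at(1) on Linux, superuser only.
    echo "denied:no-policy-files"
    return 1
}
```

An empty or stale /etc/at.deny with no /etc/at.allow is the permissive case: every unlisted account resolves to allowed.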
Rationale
It is easier to manage an allow list than a deny list.
Audit
Remediation
shell
rm /etc/at.deny 2> /dev/null
Ansible
- name: remove at.deny
  become: 'yes'
  become_method: sudo
  file:
    path: "{{ item }}"
    state: absent
  ignore_errors: true
  with_items:
    - /etc/at.deny
  tags:
    - at
    - security