oneEntry() {
grepWord="$1"
grepFile="$2"
maxLines="$3"
lineCount=$(wc -l "$grepFile")
if [[ $lineCount -gt $maxLines ]]; then
exit 1
fi
grep "$grepWord" "$grepFile"
}
@test "Verify root in /etc/at.allow" {
run oneEntry root /etc/at.allow 1
[ "$status" -eq 0 ]
}Ensure root in /etc/at.allow
Description
Configure /etc/at.allow to allow specific users to use these services.
Rationale
It is easier to manage an allow list than a deny list.
Audit
Remediation
shell
echo 'root' > /etc/at.allow
chown root:root /etc/cron*
chmod og-rwx /etc/cron*Ansible
- name: allow root cron
become: 'yes'
become_method: sudo
lineinfile:
line: "root"
dest: ""
mode: 0600
state: present
create: 'yes'
with_items:
- /etc/at.allow
tags:
- cron
- security