STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The "at" daemon must not execute group-writable or world-writable programs.

DISA Rule

SV-226864r603265_rule

Vulnerability Number

V-226864

Group Title

SRG-OS-000480

Rule Version

GEN003360

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove group-write and world-write permissions from files executed by "at" jobs.
Procedure:
# chmod go-w <file>

Check Contents

List the "at" jobs on the system.
Procedure:
# ls -la /var/spool/cron/atjobs

For each "at" job file, determine which programs are executed.
Procedure:
# more <at job file>

Check each program executed by "at" for group- or world-writable permissions.
Procedure:
# ls -la <at program file>

If "at" executes group- or world-writable programs, this is a finding.

Vulnerability Number

V-226864

Documentable

False

Rule Version

GEN003360

Severity Override Guidance

List the "at" jobs on the system.
Procedure:
# ls -la /var/spool/cron/atjobs

For each "at" job file, determine which programs are executed.
Procedure:
# more <at job file>

Check each program executed by "at" for group- or world-writable permissions.
Procedure:
# ls -la <at program file>

If "at" executes group- or world-writable programs, this is a finding.

Check Content Reference

M

Target Key

4060

Comments