STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The "at" daemon must not execute programs in, or subordinate to, world-writable directories.

DISA Rule

SV-227770r603266_rule

Vulnerability Number

V-227770

Group Title

SRG-OS-000480

Rule Version

GEN003380

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the world-writable permission from directories containing programs executed by "at".

Procedure:
# chmod o-w <at program directory>

Check Contents

List any "at" jobs on the system.
Procedure:
# ls /var/spool/cron/atjobs

For each "at" job, determine which programs are executed.
Procedure:
# more <at job file>

Check the directory containing each program executed by "at" for world-writable permissions.
Procedure:
# ls -la <at program file directory>

If "at" executes programs in world-writable directories, this is a finding.

Vulnerability Number

V-227770

Documentable

False

Rule Version

GEN003380

Severity Override Guidance

List any "at" jobs on the system.
Procedure:
# ls /var/spool/cron/atjobs

For each "at" job, determine which programs are executed.
Procedure:
# more <at job file>

Check the directory containing each program executed by "at" for world-writable permissions.
Procedure:
# ls -la <at program file directory>

If "at" executes programs in world-writable directories, this is a finding.

Check Content Reference

M

Target Key

4061

Comments