Ensure that /etc/at.deny does not exist
An XCCDF Rule
Description
The file /etc/at.deny
should not exist.
Use /etc/at.allow
instead.
Rationale
Access to at
should be restricted.
It is easier to manage an allow list than a deny list.
- ID
- xccdf_org.ssgproject.content_rule_file_at_deny_not_exist
- Severity
- Medium
- Updated
Remediation - Ansible
- name: Remove /etc/at.deny
file:
path: /etc/at.deny
state: absent
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
if [[ -f /etc/at.deny ]]; then
rm /etc/at.deny
fi