Skip to content

Verify Group Who Owns /etc/at.allow file

An XCCDF Rule

Description

If /etc/at.allow exists, it must be group-owned by root. To properly set the group owner of /etc/at.allow, run the command:

$ sudo chgrp root /etc/at.allow

Rationale

If the owner of the at.allow file is not set to root, the possibility exists for an unauthorized user to view or edit sensitive information.

ID
xccdf_org.ssgproject.content_rule_file_groupowner_at_allow
Severity
Medium
References
Updated



Remediation - Ansible

- name: Test for existence /etc/at.allow
  stat:
    path: /etc/at.allow
  register: file_exists
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

chgrp 0 /etc/at.allow

else