The AIX /var/spool/cron/atjobs directory must be owned by root or bin.
An XCCDF Rule
Description
<VulnDiscussion>Unauthorized ownership of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245566r991589_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Change the ownership of the "atjobs" directory to bin using command:
# chown bin /var/spool/cron/atjobs