Verify User Who Owns /etc/at.allow file
An XCCDF Rule
Description
If /etc/at.allow
exists, it must be owned by root
.
To properly set the owner of /etc/at.allow
, run the command:
$ sudo chown root /etc/at.allow
Rationale
If the owner of the at.allow file is not set to root, the possibility exists for an unauthorized user to view or edit sensitive information.
- ID
- xccdf_org.ssgproject.content_rule_file_owner_at_allow
- Severity
- Medium
- Updated
Remediation - Ansible
- name: Test for existence /etc/at.allow
stat:
path: /etc/at.allow
register: file_exists
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
chown 0 /etc/at.allow
else