Verify Permissions on /etc/at.allow file
An XCCDF Rule
Description
If /etc/at.allow
exists, it must have permissions 0640
or more restrictive.
To properly set the permissions of /etc/at.allow
, run the command:
$ sudo chmod 0640 /etc/at.allow
Rationale
If the permissions of the at.allow file are not set to 0640 or more restrictive, the possibility exists for an unauthorized user to view or edit sensitive information.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_at_allow
- Severity
- Medium
- Updated
Remediation - Ansible
- name: Test for existence /etc/at.allow
stat:
path: /etc/at.allow
register: file_exists
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
chmod u-xs,g-xws,o-xwrt /etc/at.allow
else