The AIX /var/spool/cron/atjobs directory must have a mode of 0640 or less permissive.

An XCCDF Rule

Description

<VulnDiscussion>Incorrect permissions of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-245568r755145_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Change the mode of the /var/spool/cron/atjobs directory:
# chmod 640 /var/spool/cron/atjobs

The AIX /var/spool/cron/atjobs directory must have a mode of 0640 or less permissive.

Description

Remediation - Manual Procedure