STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: Default system accounts (with the exception of root) must not be listed in the at.allow file or must be included in the at.deny file if the at.allow file does not exist.DISA Rule
SV-27384r1_rule
Vulnerability Number
V-986
Group Title
GEN003320
Rule Version
GEN003320
Severity
CAT II
CCI(s)
- CCI-000225 - The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
Weight
10
Fix Recommendation
Remove the default accounts (such as bin, sys, adm, and others) from the at.allow file.
Check Contents
# more /etc/cron.d/at.allow
If default accounts (such as bin, sys, adm, and others) are listed in the at.allow file, this is a finding.
Vulnerability Number
V-986
Documentable
False
Rule Version
GEN003320
Severity Override Guidance
# more /etc/cron.d/at.allow
If default accounts (such as bin, sys, adm, and others) are listed in the at.allow file, this is a finding.
Check Content Reference
M
Responsibility
System Administrator
Target Key
25
Comments