STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The at daemon must not execute group-writable or world-writable programs.

DISA Rule

SV-988r2_rule

Vulnerability Number

V-988

Group Title

GEN003360

Rule Version

GEN003360

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove group-write and world-write permissions from files executed by "at" jobs.
Procedure:
# chmod go-w <file>

Check Contents

List the "at" jobs on the system.
Procedure:
# ls -la /var/spool/cron/atjobs /var/spool/atjobs

For each "at" job file, determine which programs are executed.
Procedure:
# more <at job file>

Check each program executed by "at" for group- or world-writable permissions.
Procedure:
# ls -la <at program file>

If "at" executes group- or world-writable programs, this is a finding.

Vulnerability Number

V-988

Documentable

False

Rule Version

GEN003360

Severity Override Guidance

List the "at" jobs on the system.
Procedure:
# ls -la /var/spool/cron/atjobs /var/spool/atjobs

For each "at" job file, determine which programs are executed.
Procedure:
# more <at job file>

Check each program executed by "at" for group- or world-writable permissions.
Procedure:
# ls -la <at program file>

If "at" executes group- or world-writable programs, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments