STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The "at" daemon must not execute programs in, or subordinate to, world-writable directories.

DISA Rule

SV-989r2_rule

Vulnerability Number

V-989

Group Title

GEN003380

Rule Version

GEN003380

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the world-writable permission from directories containing programs executed by "at".

Procedure:
# chmod o-w <at program directory>

Check Contents

List any "at" jobs on the system.
Procedure:
# ls /var/spool/cron/atjobs /var/spool/atjobs

For each "at" job, determine which programs are executed.
Procedure:
# more <at job file>

Check the directory containing each program executed by "at" for world-writable permissions.
Procedure:
# ls -la <at program file directory>

If "at" executes programs in world-writable directories, this is a finding.

Vulnerability Number

V-989

Documentable

False

Rule Version

GEN003380

Severity Override Guidance

List any "at" jobs on the system.
Procedure:
# ls /var/spool/cron/atjobs /var/spool/atjobs

For each "at" job, determine which programs are executed.
Procedure:
# more <at job file>

Check the directory containing each program executed by "at" for world-writable permissions.
Procedure:
# ls -la <at program file directory>

If "at" executes programs in world-writable directories, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments