← Rules Catalog
mediumaccess-controlverified rollback-safe

Configure at access control

at-access-control · RHEL ≥ 8 · 1 impl

Description

Access to the at command should be restricted using /etc/at.allow. When at.allow exists, only users listed can use the at command.

Rationale

The at command allows scheduling one-time tasks. Restricting access limits which users can schedule tasks, reducing the risk of unauthorized job scheduling.

Check → Remediate

Checkcomposed · 2 sub-checks (all must pass)
1. file_exists:
path=/etc/at.allow
2. file_permission:
path=/etc/at.allow mode=0600 owner=root group=root
Remediatefile_content
path:
/etc/at.allow
content:
root
owner:
root
group:
root
mode:
0600

Framework references

CIS

rhel9 2.4.2.1rhel8 2.4.2.1rhel10 2.4.2.1

NIST 800-53

AC-3AC-6CM-6

Live verification

rhel10:checkrhel8:checkrhel9:check
#at#access-control#scheduling#security