mediumaccess-controlverified ✓rollback-safe
Configure at access control
at-access-control · RHEL ≥ 8 · 1 impl
Description
Access to the at command should be restricted using /etc/at.allow. When at.allow exists, only users listed can use the at command.
Rationale
The at command allows scheduling one-time tasks. Restricting access limits which users can schedule tasks, reducing the risk of unauthorized job scheduling.
Check → Remediate
Checkcomposed · 2 sub-checks (all must pass)
- 1. file_exists:
- path=/etc/at.allow
- 2. file_permission:
- path=/etc/at.allow mode=0600 owner=root group=root
Remediatefile_content
- path:
- /etc/at.allow
- content:
- root
- owner:
- root
- group:
- root
- mode:
- 0600
Framework references
CIS
rhel9 2.4.2.1rhel8 2.4.2.1rhel10 2.4.2.1
NIST 800-53
AC-3AC-6CM-6
Live verification
rhel10:checkrhel8:checkrhel9:check
#at#access-control#scheduling#security