CCE-90715-4Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable At Service (atd)
The 'at' and 'batch' commands can be used to
schedule tasks that are meant to be executed only once. This allows delayed
execution in a manner similar to cron, except that it is not
recurring. The daemon 'atd' keeps track of tasks scheduled vi
A'at' and 'batch', and executes them at the specified time.
The 'atd' service can be disabled with the following command:
'$ sudo systemctl disable atd'
Parameter:
Technical Mechanism:
The 'atd' service could be used by an unsophisticated insider to carry
out activities outside of a normal login session, which could complicate
accountability. Furthermore, the need to schedule tasks with 'at' or
'batch' is not common.
Fix:
#
# Disable atd.service for all systemd targets
#
systemctl disable atd.service
#
# Stop atd.service if currently running
#
systemctl stop atd.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31129 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30406 |