Disable Odd Job Daemon (oddjobd)
The 'oddjobd' service exists to provide an interface and
access control mechanism through which
specified privileged tasks can run tasks for unprivileged client
applications. Communication with 'oddjobd' through the system message bus.
The 'oddjobd' service can be disabled with the following command:
'$ sudo systemctl disable oddjobd'
The 'oddjobd' service may provide necessary functionality in
some environments, and can be disabled if it is not needed. Execution of
tasks by privileged programs, on behalf of unprivileged ones, has traditionally
been a source of privilege escalation security issues.
Fix:
#
# Disable oddjobd.service for all systemd targets
#
systemctl disable oddjobd.service
#
# Stop oddjobd.service if currently running
#
systemctl stop oddjobd.service
oval:org.secpod.oval:def:31113
oval:org.secpod.oval:def:30390
SCAP Repo OVAL Definition
2015-11-13