STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-985

CAT II (Medium)

The at.deny file must not be empty if it exists.

Rule ID

SV-45649r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

On some systems, if there is no at.allow file and there is an empty at.deny file, then the system assumes everyone has permission to use the "at" facility. This could create an insecure setting in the case of malicious users or system intruders.

Check Content

# more /etc/at.deny
If the at.deny file exists and is empty, this is a finding.

Fix Text

Add appropriate users to the at.deny file, or remove the empty at.deny file if an at.allow file exists.