STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-989

CAT II (Medium)

The at daemon must not execute programs in, or subordinate to, world-writable directories.

Rule ID

SV-45669r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

If "at" programs are located in, or subordinate, to world-writable directories, they become vulnerable to removal and replacement by malicious users or system intruders.

Check Content

List any "at" jobs on the system.
Procedure:
# ls /var/spool/at /var/spool/atjobs

For each "at" job, determine which programs are executed by "at."
Procedure:
# more <at job file>

Check the directory containing each program executed by "at" for world-writable permissions.
Procedure:
# ls -la <at program file directory>

If "at" executes programs in world-writable directories, this is a finding.

Fix Text

Remove the world-writable permission from directories containing programs executed by "at".

Procedure:
# chmod o-w <at program directory>