Ensure that /etc/at.deny does not exist

Docs > Datadog Security > OOTB Rules > Ensure that /etc/at.deny does not exist

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

The file /etc/at.deny should not exist. Use /etc/at.allow instead.

Rationale

Access to at should be restricted. It is easier to manage an allow list than a deny list.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if [[ -f  /etc/at.deny ]]; then
        rm /etc/at.deny
    fi

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Remove /etc/at.deny
  file:
    path: /etc/at.deny
    state: absent
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - PCI-DSSv4-2.2.6
  - disable_strategy
  - file_at_deny_not_exist
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed