Ensure that /etc/at.allow exists

문서 > Datadog 보안 > OOTB Rules > Ensure that /etc/at.allow exists

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

The file /etc/at.allow should exist and should be used instead of /etc/at.deny.

Rationale

Using the at.allow file to control who can run at jobs enforces this who can schedule jobs. It is easier to manage an allow list than a deny list.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}' 'linux-base' 2>/dev/null | grep -q '^installed$'; then

touch /etc/at.allow
    chown 0 /etc/at.allow
    chmod 0640 /etc/at.allow

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - disable_strategy
  - file_at_allow_exists
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Add empty /etc/at.allow
  file:
    path: /etc/at.allow
    state: touch
    owner: '0'
    mode: '0640'
  when: '"linux-base" in ansible_facts.packages'
  tags:
  - disable_strategy
  - file_at_allow_exists
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed