- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
The at
and batch
commands can be used to
schedule tasks that are meant to be executed only once. This allows delayed
execution in a manner similar to cron, except that it is not
recurring. The daemon atd
keeps track of tasks scheduled via
at
and batch
, and executes them at the specified time.
The atd
service can be disabled with the following command:
$ sudo systemctl disable atd.service
The atd
service could be used by an unsophisticated insider to carry
out activities outside of a normal login session, which could complicate
accountability. Furthermore, the need to schedule tasks with at
or
batch
is not common.
The following script can be run on the host to remediate the issue.
#!/bin/bash
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'atd.service'
"$SYSTEMCTL_EXEC" disable 'atd.service'
# Disable socket activation if we have a unit file for it
"$SYSTEMCTL_EXEC" list-unit-files | grep -q '^atd.socket\>' && "$SYSTEMCTL_EXEC" disable 'atd.socket'
# The service may not be running because it has been started and failed,
# so let's reset the state so OVAL checks pass.
# Service should be 'inactive', not 'failed' after reboot though.
"$SYSTEMCTL_EXEC" reset-failed 'atd.service'
The following playbook can be run with Ansible to remediate the issue.
- name: Disable service atd
service:
name: "{{item}}"
enabled: "no"
state: "stopped"
register: service_result
failed_when: "service_result is failed and ('Could not find the requested service' not in service_result.msg)"
with_items:
- atd
tags:
- service_atd_disabled
- unknown_severity
- disable_strategy
- low_complexity
- low_disruption
- NIST-800-53-CM-7
- name: Disable socket of service atd if applicable
service:
name: "{{item}}"
enabled: "no"
state: "stopped"
register: socket_result
failed_when: "socket_result is failed and ('Could not find the requested service' not in socket_result.msg)"
with_items:
- atd.socket
tags:
- service_atd_disabled
- unknown_severity
- disable_strategy
- low_complexity
- low_disruption
- NIST-800-53-CM-7