AT subsystem access (UNIX)

Module: System Queues

This check reports users that are allowed to use the at and batch utilities. Use the Users/Groups name lists to include or exclude users that are not included or excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for AT subsystem access

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_ATGLOBAL Category: Policy Compliance	UNIX (5930)	Title: Global at and batch usage allowed Description:Your system is set so anyone can use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_ATSUONLY Category: Policy Compliance	UNIX (5931)	Title: Only root can use at and batch Description:Your system is set so only the root account can use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_ATALLOW Category: Policy Compliance	UNIX (5932)	Title: Allowed to use at and batch Description:This user is allowed to use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_ATDENY Category: Policy Compliance	UNIX (5933)	Title: Denied use of at and batch Description:This user is denied use of the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CRONNSUSER Category: Policy Compliance	UNIX (5943)	Title: Non-existent user configured for cron or at Description:This user is listed in one or more of the cron and batch configuration files but do not exist on the system. This can represent a security breach if the named accounts are later recreated and either granted cron or at access without authority or denied cron or at access when they should have authority. You should correct this problem by removing the listed users from the indicated files.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_ATGLOBAL

Category: Policy Compliance

UNIX (5930)

Title: Global at and batch usage allowed

Description:Your system is set so anyone can use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_ATSUONLY

Category: Policy Compliance

UNIX (5931)

Title: Only root can use at and batch

Description:Your system is set so only the root account can use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_ATALLOW

Category: Policy Compliance

UNIX (5932)

Title: Allowed to use at and batch

Description:This user is allowed to use the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_ATDENY

Category: Policy Compliance

UNIX (5933)

Title: Denied use of at and batch

Description:This user is denied use of the at and batch commands. See the man pages for information about the at command. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CRONNSUSER

Category: Policy Compliance

UNIX (5943)

Title: Non-existent user configured for cron or at

Description:This user is listed in one or more of the cron and batch configuration files but do not exist on the system. This can represent a security breach if the named accounts are later recreated and either granted cron or at access without authority or denied cron or at access when they should have authority. You should correct this problem by removing the listed users from the indicated files.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]